Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
TEDGRQXB.exe

Overview

General Information

Sample name:TEDGRQXB.exe
Analysis ID:1635763
MD5:0c250fff0a60cd38606e6a47fc15b33b
SHA1:0cb4c828a8ceb9deed5af8cf2514175e1468697b
SHA256:d24e47edebbecb0a0c2389e832825412fbc563c3782556ddb89fd2a7a328331a
Tags:exeuser-tmechen_
Infos:

Detection

Vidar
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Vidar stealer
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Monitors registry run keys for changes
Searches for specific processes (likely to inject)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found evasive API chain (date check)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • TEDGRQXB.exe (PID: 8144 cmdline: "C:\Users\user\Desktop\TEDGRQXB.exe" MD5: 0C250FFF0A60CD38606E6A47FC15B33B)
    • conhost.exe (PID: 8180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • TEDGRQXB.exe (PID: 7464 cmdline: "C:\Users\user\Desktop\TEDGRQXB.exe" MD5: 0C250FFF0A60CD38606E6A47FC15B33B)
      • chrome.exe (PID: 1556 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: E81F54E6C1129887AEA47E7D092680BF)
        • chrome.exe (PID: 2820 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2312,i,2253101441032793717,4721009517651061481,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=268 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
        • chrome.exe (PID: 6236 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2312,i,2253101441032793717,4721009517651061481,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5232 /prefetch:8 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • msedge.exe (PID: 5740 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default" MD5: 69222B8101B0601CC6663F8381E7E00F)
        • msedge.exe (PID: 5520 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2648 --field-trial-handle=2284,i,1465142929615344142,2036732362950933187,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
      • cmd.exe (PID: 6744 cmdline: "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\9h4wb" & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 2668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • timeout.exe (PID: 6664 cmdline: timeout /t 11 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • msedge.exe (PID: 5924 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7600 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2040,i,8313142932309864325,2471398215224871592,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 1516 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6504 --field-trial-handle=2040,i,8313142932309864325,2471398215224871592,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 6192 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=4528 --field-trial-handle=2040,i,8313142932309864325,2471398215224871592,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8012 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=4732 --field-trial-handle=2040,i,8313142932309864325,2471398215224871592,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
VidarVidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: Vidar

{"C2 url": "https://steamcommunity.com/profiles/76561199832267488", "Botnet": "dqu220"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000002.00000003.1624552440.0000000001284000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
      00000002.00000002.2252279103.0000000000400000.00000040.00000400.00020000.00000000.sdmpinfostealer_win_vidar_strings_nov23Finds Vidar samples based on the specific stringsSekoia.io
      • 0x1fcca:$str01: MachineID:
      • 0x1ef53:$str02: Work Dir: In memory
      • 0x1fd01:$str03: [Hardware]
      • 0x1fcb3:$str04: VideoCard:
      • 0x1f6b5:$str05: [Processes]
      • 0x1f6c1:$str06: [Software]
      • 0x1efd0:$str07: information.txt
      • 0x1fa36:$str08: %s\*
      • 0x1fa83:$str08: %s\*
      • 0x1f206:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
      • 0x1f59f:$str12: UseMasterPassword
      • 0x1fd0d:$str13: Soft: WinSCP
      • 0x1f7eb:$str14: <Pass encoding="base64">
      • 0x1fcf0:$str15: Soft: FileZilla
      • 0x1efc2:$str16: passwords.txt
      • 0x1f5ca:$str17: build_id
      • 0x1f679:$str18: file_data
      00000002.00000003.1520833988.0000000001236000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
        00000002.00000003.1624572859.0000000001234000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
          00000002.00000003.1576840128.0000000001236000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_Vidar_1Yara detected Vidar stealerJoe Security
            Click to see the 4 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            2.2.TEDGRQXB.exe.400000.0.unpackinfostealer_win_vidar_strings_nov23Finds Vidar samples based on the specific stringsSekoia.io
            • 0x1e2ca:$str01: MachineID:
            • 0x1d553:$str02: Work Dir: In memory
            • 0x1e301:$str03: [Hardware]
            • 0x1e2b3:$str04: VideoCard:
            • 0x1dcb5:$str05: [Processes]
            • 0x1dcc1:$str06: [Software]
            • 0x1d5d0:$str07: information.txt
            • 0x1e036:$str08: %s\*
            • 0x1e083:$str08: %s\*
            • 0x1d806:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
            • 0x1db9f:$str12: UseMasterPassword
            • 0x1e30d:$str13: Soft: WinSCP
            • 0x1ddeb:$str14: <Pass encoding="base64">
            • 0x1e2f0:$str15: Soft: FileZilla
            • 0x1d5c2:$str16: passwords.txt
            • 0x1dbca:$str17: build_id
            • 0x1dc79:$str18: file_data
            2.2.TEDGRQXB.exe.400000.0.raw.unpackinfostealer_win_vidar_strings_nov23Finds Vidar samples based on the specific stringsSekoia.io
            • 0x1fcca:$str01: MachineID:
            • 0x1ef53:$str02: Work Dir: In memory
            • 0x1fd01:$str03: [Hardware]
            • 0x1fcb3:$str04: VideoCard:
            • 0x1f6b5:$str05: [Processes]
            • 0x1f6c1:$str06: [Software]
            • 0x1efd0:$str07: information.txt
            • 0x1fa36:$str08: %s\*
            • 0x1fa83:$str08: %s\*
            • 0x1f206:$str11: Software\Martin Prikryl\WinSCP 2\Configuration
            • 0x1f59f:$str12: UseMasterPassword
            • 0x1fd0d:$str13: Soft: WinSCP
            • 0x1f7eb:$str14: <Pass encoding="base64">
            • 0x1fcf0:$str15: Soft: FileZilla
            • 0x1efc2:$str16: passwords.txt
            • 0x1f5ca:$str17: build_id
            • 0x1f679:$str18: file_data

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Browser Started with Remote Debugging
            Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\TEDGRQXB.exe", ParentImage: C:\Users\user\Desktop\TEDGRQXB.exe, ParentProcessId: 7464, ParentProcessName: TEDGRQXB.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default", ProcessId: 1556, ProcessName: chrome.exe

            Suricata Signatures

            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-03-11T23:59:38.254408+010020442471Malware Command and Control Activity Detected78.47.63.132443192.168.2.549717TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-03-11T23:59:43.028911+010020518311Malware Command and Control Activity Detected78.47.63.132443192.168.2.549719TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-03-11T23:59:32.657488+010020490871A Network Trojan was detected192.168.2.54971578.47.63.132443TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-03-11T23:59:45.970547+010020593311Malware Command and Control Activity Detected192.168.2.54972178.47.63.132443TCP
            2025-03-11T23:59:47.672068+010020593311Malware Command and Control Activity Detected192.168.2.54972278.47.63.132443TCP
            2025-03-11T23:59:48.650625+010020593311Malware Command and Control Activity Detected192.168.2.54972378.47.63.132443TCP
            2025-03-11T23:59:49.775492+010020593311Malware Command and Control Activity Detected192.168.2.54972478.47.63.132443TCP
            2025-03-11T23:59:52.980105+010020593311Malware Command and Control Activity Detected192.168.2.54972578.47.63.132443TCP
            2025-03-12T00:00:02.581943+010020593311Malware Command and Control Activity Detected192.168.2.54974678.47.63.132443TCP
            2025-03-12T00:00:03.482932+010020593311Malware Command and Control Activity Detected192.168.2.54974778.47.63.132443TCP
            2025-03-12T00:00:04.790559+010020593311Malware Command and Control Activity Detected192.168.2.54974878.47.63.132443TCP
            2025-03-12T00:00:05.810741+010020593311Malware Command and Control Activity Detected192.168.2.54974978.47.63.132443TCP
            2025-03-12T00:00:08.911319+010020593311Malware Command and Control Activity Detected192.168.2.54975078.47.63.132443TCP
            2025-03-12T00:00:16.574294+010020593311Malware Command and Control Activity Detected192.168.2.54976378.47.63.132443TCP
            2025-03-12T00:00:18.215734+010020593311Malware Command and Control Activity Detected192.168.2.54976878.47.63.132443TCP
            2025-03-12T00:00:19.101083+010020593311Malware Command and Control Activity Detected192.168.2.54977878.47.63.132443TCP
            2025-03-12T00:00:24.227871+010020593311Malware Command and Control Activity Detected192.168.2.54981478.47.63.132443TCP
            2025-03-12T00:00:32.793012+010020593311Malware Command and Control Activity Detected192.168.2.54985378.47.63.132443TCP
            2025-03-12T00:00:35.386085+010020593311Malware Command and Control Activity Detected192.168.2.54986178.47.63.132443TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-03-11T23:59:08.890127+010028032742Potentially Bad Traffic192.168.2.549708172.67.74.152443TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-03-11T23:59:48.650625+010028596361Malware Command and Control Activity Detected192.168.2.54972378.47.63.132443TCP
            2025-03-11T23:59:49.775492+010028596361Malware Command and Control Activity Detected192.168.2.54972478.47.63.132443TCP
            2025-03-11T23:59:52.980105+010028596361Malware Command and Control Activity Detected192.168.2.54972578.47.63.132443TCP
            2025-03-12T00:00:04.790559+010028596361Malware Command and Control Activity Detected192.168.2.54974878.47.63.132443TCP
            2025-03-12T00:00:05.810741+010028596361Malware Command and Control Activity Detected192.168.2.54974978.47.63.132443TCP
            2025-03-12T00:00:08.911319+010028596361Malware Command and Control Activity Detected192.168.2.54975078.47.63.132443TCP
            2025-03-12T00:00:18.215734+010028596361Malware Command and Control Activity Detected192.168.2.54976878.47.63.132443TCP
            2025-03-12T00:00:19.101083+010028596361Malware Command and Control Activity Detected192.168.2.54977878.47.63.132443TCP
            2025-03-12T00:00:24.227871+010028596361Malware Command and Control Activity Detected192.168.2.54981478.47.63.132443TCP
            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
            2025-03-11T23:59:29.384296+010028593781Malware Command and Control Activity Detected192.168.2.54971378.47.63.132443TCP

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus / Scanner detection for submitted sample
            Source: TEDGRQXB.exeAvira: detected
            Found malware configuration
            Source: 2.2.TEDGRQXB.exe.400000.0.unpackMalware Configuration Extractor: Vidar {"C2 url": "https://steamcommunity.com/profiles/76561199832267488", "Botnet": "dqu220"}
            Multi AV Scanner detection for submitted file
            Source: TEDGRQXB.exeVirustotal: Detection: 52%Perma Link
            Source: TEDGRQXB.exeReversingLabs: Detection: 57%
            Joe Sandbox ML detected suspicious sample
            Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00406A10 StrStrA,lstrlenA,LocalAlloc,CryptUnprotectData,LocalAlloc,LocalFree,lstrlenA,2_2_00406A10
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00410830 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,GetLastError,GetProcessHeap,HeapFree,2_2_00410830
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_0040A150 BCryptCloseAlgorithmProvider,BCryptDestroyKey,BCryptCloseAlgorithmProvider,2_2_0040A150
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00406CF0 LocalAlloc,BCryptDecrypt,2_2_00406CF0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00406940 BCryptCloseAlgorithmProvider,BCryptDestroyKey,2_2_00406940
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_0040A560 StrCmpCA,BCryptCloseAlgorithmProvider,BCryptDestroyKey,BCryptCloseAlgorithmProvider,BCryptDestroyKey,2_2_0040A560
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00406980 BCryptOpenAlgorithmProvider,BCryptSetProperty,BCryptGenerateSymmetricKey,BCryptCloseAlgorithmProvider,BCryptDestroyKey,2_2_00406980
            Source: TEDGRQXB.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49711 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.5:49712 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.5:49725 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.5:49748 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.5:49749 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.5:49750 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.5:49814 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.5:49816 version: TLS 1.2
            Source: TEDGRQXB.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00EADAAE FindFirstFileExW,0_2_00EADAAE
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00EADB5F FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00EADB5F
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00414E70 wsprintfA,FindFirstFileA,DeleteFileA,FindNextFileA,strlen,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,FindClose,2_2_00414E70
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00407210 ExpandEnvironmentStringsA,FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,StrCmpCA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,CopyFileA,DeleteFileA,StrCmpCA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,2_2_00407210
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_0040B6B0 FindFirstFileA,FindNextFileA,strlen,StrCmpCA,CopyFileA,Sleep,DeleteFileA,FindClose,2_2_0040B6B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00415EB0 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindClose,2_2_00415EB0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00408360 FindFirstFileA,CopyFileA,FindNextFileA,FindNextFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,FindClose,2_2_00408360
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00413FD0 wsprintfA,FindFirstFileA,FindNextFileA,strlen,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,2_2_00413FD0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_004013F0 FindFirstFileA,FindClose,FindNextFileA,strlen,FindFirstFileA,DeleteFileA,FindNextFileA,CopyFileA,CopyFileA,DeleteFileA,FindClose,2_2_004013F0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00413580 wsprintfA,FindFirstFileA,memset,memset,FindNextFileA,strlen,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,SymMatchString,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindClose,2_2_00413580
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_004097B0 FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,2_2_004097B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_0040ACD0 wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strlen,lstrlenA,DeleteFileA,CopyFileA,FindClose,2_2_0040ACD0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00408C90 lstrcpyA,lstrcatA,FindFirstFileA,FindNextFileA,strlen,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,FindFirstFileA,FindNextFileA,strlen,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,FindClose,FindClose,DeleteFileA,_invalid_parameter_noinfo_noreturn,2_2_00408C90
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00414950 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,strlen,FindClose,lstrcatA,lstrcatA,lstrcatA,lstrlenA,lstrlenA,2_2_00414950
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00409560 ??2@YAPAXI@Z,??2@YAPAXI@Z,_invalid_parameter_noinfo_noreturn,FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,2_2_00409560
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00EADAAE FindFirstFileExW,2_2_00EADAAE
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00EADB5F FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00EADB5F
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00413AF0 SymMatchString,SymMatchString,SymMatchString,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,2_2_00413AF0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
            Source: chrome.exeMemory has grown: Private usage: 1MB later: 40MB

            Networking

            barindex
            Suricata IDS alerts for network traffic
            Source: Network trafficSuricata IDS: 2859378 - Severity 1 - ETPRO MALWARE Win32/Stealc/Vidar Stealer Host Details Exfil (POST) M2 : 192.168.2.5:49713 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49722 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2049087 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M1 : 192.168.2.5:49715 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49721 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49746 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49747 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49763 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49724 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:49724 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49723 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:49723 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49750 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:49750 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49749 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:49749 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49725 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:49725 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 78.47.63.132:443 -> 192.168.2.5:49717
            Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49768 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:49768 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2051831 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config M1 : 78.47.63.132:443 -> 192.168.2.5:49719
            Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49778 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:49778 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49814 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:49814 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49748 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2859636 - Severity 1 - ETPRO MALWARE Vidar/StealC CnC Exfil via SQL Database (POST) : 192.168.2.5:49748 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49853 -> 78.47.63.132:443
            Source: Network trafficSuricata IDS: 2059331 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Style Headers In HTTP POST M2 : 192.168.2.5:49861 -> 78.47.63.132:443
            C2 URLs / IPs found in malware configuration
            Source: Malware configuration extractorURLs: https://steamcommunity.com/profiles/76561199832267488
            Source: global trafficHTTP traffic detected: GET /g_etcontent HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
            Source: Joe Sandbox ViewIP Address: 23.44.201.15 23.44.201.15
            Source: Joe Sandbox ViewIP Address: 2.22.242.11 2.22.242.11
            Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
            Source: Joe Sandbox ViewIP Address: 149.154.167.99 149.154.167.99
            Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49708 -> 172.67.74.152:443
            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.14
            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.14
            Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.14
            Source: unknownTCP traffic detected without corresponding DNS query: 92.123.104.38
            Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
            Source: unknownTCP traffic detected without corresponding DNS query: 216.58.206.67
            Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
            Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
            Source: unknownTCP traffic detected without corresponding DNS query: 199.232.214.172
            Source: unknownTCP traffic detected without corresponding DNS query: 216.58.206.67
            Source: unknownTCP traffic detected without corresponding DNS query: 92.123.104.33
            Source: unknownTCP traffic detected without corresponding DNS query: 92.123.104.33
            Source: unknownTCP traffic detected without corresponding DNS query: 92.123.104.33
            Source: unknownTCP traffic detected without corresponding DNS query: 92.123.104.33
            Source: unknownTCP traffic detected without corresponding DNS query: 92.123.104.33
            Source: unknownTCP traffic detected without corresponding DNS query: 92.123.104.33
            Source: unknownTCP traffic detected without corresponding DNS query: 92.123.104.33
            Source: unknownTCP traffic detected without corresponding DNS query: 92.123.104.33
            Source: unknownTCP traffic detected without corresponding DNS query: 92.123.104.33
            Source: unknownTCP traffic detected without corresponding DNS query: 92.123.104.33
            Source: unknownTCP traffic detected without corresponding DNS query: 92.123.104.33
            Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.39
            Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.39
            Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.39
            Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.39
            Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.39
            Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.39
            Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.39
            Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.39
            Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.39
            Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.39
            Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.39
            Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.39
            Source: unknownTCP traffic detected without corresponding DNS query: 23.219.82.49
            Source: unknownTCP traffic detected without corresponding DNS query: 23.219.82.49
            Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.39
            Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.39
            Source: unknownTCP traffic detected without corresponding DNS query: 23.219.82.49
            Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.39
            Source: unknownTCP traffic detected without corresponding DNS query: 23.219.82.88
            Source: unknownTCP traffic detected without corresponding DNS query: 23.219.82.88
            Source: unknownTCP traffic detected without corresponding DNS query: 23.219.82.88
            Source: unknownTCP traffic detected without corresponding DNS query: 18.164.124.98
            Source: unknownTCP traffic detected without corresponding DNS query: 18.164.124.98
            Source: unknownTCP traffic detected without corresponding DNS query: 18.164.124.98
            Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.39
            Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.39
            Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.39
            Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.39
            Source: unknownTCP traffic detected without corresponding DNS query: 23.209.72.39
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00403850 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,InternetSetOptionA,HttpSendRequestA,HttpQueryInfoA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,2_2_00403850
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: AutoItHost: api.ipify.orgCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: AutoItHost: api.ipify.org
            Source: global trafficHTTP traffic detected: GET /api/json/ip/5SPfwvEV3gwc55pvxBQOnjhEt01fgi0C/73.128.89.132 HTTP/1.1User-Agent: AutoItHost: ipqualityscore.comCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /g_etcontent HTTP/1.1Host: t.meConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0Host: t.formaxprime.co.ukConnection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiJo8sBCIWgzQEI9s/OAQiB1s4BCNLgzgEI8ePOAQiv5M4BCOLkzgEIi+XOAQ==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIkqHLAQiJo8sBCIWgzQEI9s/OAQiB1s4BCNLgzgEI8ePOAQiv5M4BCOLkzgEIi+XOAQ==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531 HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
            Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/SSR-extension.1e1de479ffc2b85d14c8.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-viewport-height: 874sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.5sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 100sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB||us|en-us|en-us|en||cf=9|RefA=AB55E306178A4260B140085018AD5FE9.RefC=2025-03-11T23:00:15Z; USRLOC=; MUID=390BF5B215C66C813DC9E01E14F96DFA; MUIDB=390BF5B215C66C813DC9E01E14F96DFA; _EDGE_S=F=1&SID=0D9AA852F26C62DE0764BDFEF3CA636E; _EDGE_V=1
            Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/web-worker.948ffa5ea2d441a35f55.js HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.5sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 100sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 4gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; sptmarket=en-GB||us|en-us|en-us|en||cf=9|RefA=AB55E306178A4260B140085018AD5FE9.RefC=2025-03-11T23:00:15Z; USRLOC=; MUID=390BF5B215C66C813DC9E01E14F96DFA; MUIDB=390BF5B215C66C813DC9E01E14F96DFA; _EDGE_S=F=1&SID=0D9AA852F26C62DE0764BDFEF3CA636E; _EDGE_V=1
            Source: global trafficHTTP traffic detected: GET /crx/blobs/Ad_brx23lef_cW590ESOTTAroOhZ9si0XFJIUC52j2ILHW1VLB5ou6c0RgLWwGr1aRJJZ0WPNyiPBYgIpWfykvhKW-6BLzMRsp9ykw5f6ReBQmPpO6WB9pcSJPfykLTHDjYAxlKa5bf72z8tHS5eXuTavTP1h4WZBjSs/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_89_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
            Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/vendors.cb5d86730a0bdbdd55a4.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
            Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/microsoft.c1f2f2c818c03b7d76c6.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
            Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/common.41f9102ebf55f037c91d.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
            Source: global trafficHTTP traffic detected: GET /bundles/v1/edgeChromium/latest/experience.6956f4a50d95807c6fa7.js HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://ntp.msn.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
            Source: global trafficHTTP traffic detected: GET /statics/icons/favicon_newtabpage.png HTTP/1.1Host: assets.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=390BF5B215C66C813DC9E01E14F96DFA; _EDGE_S=F=1&SID=0D9AA852F26C62DE0764BDFEF3CA636E; _EDGE_V=1
            Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1741734024364&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=ab55e306178a4260b140085018ad5fe9&activityId=ab55e306178a4260b140085018ad5fe9&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0 HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_ETH=1; USRLOC=; MUID=390BF5B215C66C813DC9E01E14F96DFA; _EDGE_S=F=1&SID=0D9AA852F26C62DE0764BDFEF3CA636E; _EDGE_V=1
            Source: global trafficHTTP traffic detected: GET /b?rn=1741734024364&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=390BF5B215C66C813DC9E01E14F96DFA&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
            Source: global trafficHTTP traffic detected: GET /b2?rn=1741734024364&c1=2&c2=3000001&cs_ucfr=1&c7=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2Btab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp%26mkt%3Den-us&c8=New+tab&c9=&cs_fpid=390BF5B215C66C813DC9E01E14F96DFA&cs_fpit=o&cs_fpdm=*null&cs_fpdt=*null HTTP/1.1Host: sb.scorecardresearch.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: UID=1210315fa52b40bbbb9919b1741734025; XID=1210315fa52b40bbbb9919b1741734025
            Source: global trafficHTTP traffic detected: GET /edge/ntp?locale=en-GB&title=New+tab&enableForceCache=true HTTP/1.1Host: ntp.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-viewport-height: 876sec-ch-ua-arch: "x86"sec-ch-viewport-width: 1232sec-ch-ua-platform-version: "10.0.0"downlink: 1.45sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Microsoft Edge";v="117.0.2045.47", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-model: ""sec-ch-prefers-color-scheme: lightsec-ch-ua-platform: "Windows"device-memory: 8rtt: 400sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-full-version: "117.0.2045.47"sec-ch-dpr: 1ect: 3gAccept: */*sec-edge-ntp: {"back_block":0,"bg_cur":{},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"","show_greet":true,"vt_opened":false}Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB||us|en-us|en-us|en||cf=9|RefA=AB55E306178A4260B140085018AD5FE9.RefC=2025-03-11T23:00:15Z; USRLOC=; MUID=390BF5B215C66C813DC9E01E14F96DFA; MUIDB=390BF5B215C66C813DC9E01E14F96DFA; _EDGE_S=F=1&SID=0D9AA852F26C62DE0764BDFEF3CA636E; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=ae9c82f6-57de-4323-aba8-efdb4148aef1; ai_session=vTqqgr/CRV+/HfWyCMEVBJ|1741734024359|1741734024359; sptmarket_restored=en-GB||us|en-us|en-us|en||cf=9|RefA=AB55E306178A4260B140085018AD5FE9.RefC=2025-03-11T23:00:15Z
            Source: global trafficHTTP traffic detected: GET /edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true HTTP/1.1Host: ntp.msn.comConnection: keep-aliveCache-Control: max-age=0Accept: */*Service-Worker: scriptUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-edge-ntp: {"back_block":0,"bg_cur":{"configIndex":17,"imageId":"BB1msyCB","provider":"CMSImage","userSelected":false},"bg_img_typ":"bing","exp":["msQuickLinksDefaultOneRow","msShoppingWebAssistOnNtp","msShoppingHistogramsOnNtp","msEnableWinHPNewTabBackButtonFocusAndClose","msCustomMaxQuickLinks","msMaxQuickLinksAt20","msAllowThemeInstallationFromChromeStore","msEdgeSplitWindowLinkMode"],"feed":0,"feed_dis":"onscroll","layout":1,"quick_links_opt":1,"sel_feed_piv":"myFeed","show_greet":true,"vt_opened":false,"wpo_nx":{"v":"2","wgt":{"src":"default"}}}Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: _C_Auth=; pglt-edgeChromium-dhp=547; sptmarket=en-GB||us|en-us|en-us|en||cf=9|RefA=AB55E306178A4260B140085018AD5FE9.RefC=2025-03-11T23:00:15Z; USRLOC=; MUID=390BF5B215C66C813DC9E01E14F96DFA; MUIDB=390BF5B215C66C813DC9E01E14F96DFA; _EDGE_S=F=1&SID=0D9AA852F26C62DE0764BDFEF3CA636E; _EDGE_V=1; MicrosoftApplicationsTelemetryDeviceId=ae9c82f6-57de-4323-aba8-efdb4148aef1; ai_session=vTqqgr/CRV+/HfWyCMEVBJ|1741734024359|1741734024359; sptmarket_restored=en-GB||us|en-us|en-us|en||cf=9|RefA=AB55E306178A4260B140085018AD5FE9.RefC=2025-03-11T23:00:15Z
            Source: global trafficHTTP traffic detected: GET /c.gif?rnd=1741734024364&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=ab55e306178a4260b140085018ad5fe9&activityId=ab55e306178a4260b140085018ad5fe9&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=AAB9671B094F4742986999F2EC91D080&MUID=390BF5B215C66C813DC9E01E14F96DFA HTTP/1.1Host: c.msn.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://ntp.msn.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: USRLOC=; MUID=390BF5B215C66C813DC9E01E14F96DFA; _EDGE_S=F=1&SID=0D9AA852F26C62DE0764BDFEF3CA636E; _EDGE_V=1; SM=T; _C_ETH=1; msnup=%7B%22cnex%22%3A%22no%22%7D
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
            Source: 000003.log7.14.drString found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
            Source: 000003.log7.14.drString found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
            Source: 000003.log7.14.drString found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
            Source: chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
            Source: chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
            Source: chrome.exe, 00000006.00000002.1816780413.000000E40330C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1804956903.000000E402B44000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
            Source: chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
            Source: chrome.exe, 00000006.00000002.1817335518.000000E4034F8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1816780413.000000E40330C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1804956903.000000E402B44000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
            Source: chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
            Source: chrome.exe, 00000006.00000002.1815881519.000000E403244000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1742026719.000000E403244000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1818801316.000000E403A4C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
            Source: chrome.exe, 00000006.00000002.1815881519.000000E403244000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1742026719.000000E403244000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlr equals www.youtube.com (Youtube)
            Source: chrome.exe, 00000006.00000002.1817335518.000000E4034F8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: www.youtube.com:443 equals www.youtube.com (Youtube)
            Source: global trafficDNS traffic detected: DNS query: t.me
            Source: global trafficDNS traffic detected: DNS query: t.formaxprime.co.uk
            Source: global trafficDNS traffic detected: DNS query: www.google.com
            Source: global trafficDNS traffic detected: DNS query: ntp.msn.com
            Source: global trafficDNS traffic detected: DNS query: clients2.googleusercontent.com
            Source: global trafficDNS traffic detected: DNS query: bzib.nelreports.net
            Source: global trafficDNS traffic detected: DNS query: chrome.cloudflare-dns.com
            Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: multipart/form-data; boundary=----dtjmy5fkxba1n7ym79zmUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Firefox/135.0Host: t.formaxprime.co.ukContent-Length: 256Connection: Keep-AliveCache-Control: no-cache
            Source: global trafficHTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: AkamaiGHostMime-Version: 1.0Content-Type: text/htmlContent-Length: 278Expires: Tue, 11 Mar 2025 23:00:18 GMTDate: Tue, 11 Mar 2025 23:00:18 GMTConnection: closePMUSER_FORMAT_QS: X-CDN-TraceId: 0.65f21602.1741734018.875d4a5Access-Control-Allow-Headers: *Access-Control-Allow-Credentials: falseAccess-Control-Allow-Methods: GET, OPTIONS, POSTAccess-Control-Allow-Origin: *
            Source: global trafficHTTP traffic detected: HTTP/1.1 503 Service UnavailableServer: AkamaiGHostMime-Version: 1.0Content-Type: text/htmlContent-Length: 278Expires: Tue, 11 Mar 2025 23:01:18 GMTDate: Tue, 11 Mar 2025 23:01:18 GMTConnection: closePMUSER_FORMAT_QS: X-CDN-TraceId: 0.97ac2d17.1741734078.398bc9fAccess-Control-Allow-Headers: *Access-Control-Allow-Credentials: falseAccess-Control-Allow-Methods: GET, OPTIONS, POSTAccess-Control-Allow-Origin: *
            Source: chrome.exe, 00000006.00000002.1803030816.000000E4023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/time/1/current
            Source: chrome.exe, 00000006.00000002.1804670174.000000E402A5C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=134
            Source: chrome.exe, 00000006.00000002.1804905765.000000E402B1C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1804836631.000000E402AEC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://developer.chrome.com/docs/extensions/how-to/distribute/install-extensions)
            Source: chrome.exe, 00000006.00000003.1742171040.000000E40327C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1816406786.000000E40327C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782541959.000000E403278000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://dns-tunnel-check.googlezip.net/connect
            Source: chrome.exe, 00000006.00000002.1802554286.000000E4022F4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://google.com/
            Source: chrome.exe, 00000006.00000002.1817335518.000000E4034F8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
            Source: chrome.exe, 00000006.00000002.1807686633.000000E402FD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://unisolated.invalid/
            Source: chrome.exe, 00000006.00000002.1807881217.000000E403004000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.gstatic.com/generate_204
            Source: chrome.exe, 00000006.00000002.1821377325.0000020BBD0F2000.00000002.00000001.00040000.0000000E.sdmpString found in binary or memory: http://www.unicode.org/copyright.html
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://a-mo.net
            Source: chrome.exe, 00000006.00000002.1807364281.000000E402F8C000.00000004.00001000.00020000.00000000.sdmp, 8ymym7.2.drString found in binary or memory: https://ac.ecosia.org?q=
            Source: chrome.exe, 00000006.00000002.1803030816.000000E4023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/
            Source: chrome.exe, 00000006.00000002.1802332625.000000E40224C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
            Source: chrome.exe, 00000006.00000002.1804333690.000000E402970000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1804333690.000000E402930000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1819122654.000000E403AF8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com
            Source: chrome.exe, 00000006.00000002.1819122654.000000E403AF8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1803030816.000000E4023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/
            Source: chrome.exe, 00000006.00000002.1803030816.000000E4023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AccountChooser
            Source: chrome.exe, 00000006.00000002.1803030816.000000E4023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AddSession
            Source: chrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
            Source: chrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
            Source: chrome.exe, 00000006.00000002.1803030816.000000E4023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Logout
            Source: chrome.exe, 00000006.00000002.1803030816.000000E4023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/RotateBoundCookies
            Source: chrome.exe, 00000006.00000002.1819340977.000000E403B58000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport
            Source: chrome.exe, 00000006.00000002.1819340977.000000E403B58000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/allowlist
            Source: chrome.exe, 00000006.00000002.1819340977.000000E403B58000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/_/IdentityListAccountsHttp/cspreport/fine-allowlist
            Source: chrome.exe, 00000006.00000002.1803030816.000000E4023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/chrome/blank.html
            Source: chrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
            Source: chrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
            Source: chrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
            Source: chrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
            Source: chrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
            Source: chrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/windows
            Source: chrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
            Source: chrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
            Source: chrome.exe, 00000006.00000002.1802401293.000000E402284000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
            Source: chrome.exe, 00000006.00000002.1803030816.000000E4023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/revoke
            Source: chrome.exe, 00000006.00000002.1803030816.000000E4023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/oauth/multilogin
            Source: chrome.exe, 00000006.00000002.1803030816.000000E4023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/samlredirect
            Source: chrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
            Source: chrome.exe, 00000006.00000002.1804333690.000000E402930000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com:443
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://acxiom.com
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://adroll.com
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://adsmeasurement.com
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://adtrafficquality.google
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://akpytela.cz
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://alketech.eu
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://amazon-adsystem.com
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://apex-football.com
            Source: chrome.exe, 00000006.00000002.1819340977.000000E403B58000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782411641.000000E4027D4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782919121.000000E4037B0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1783019918.000000E403CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://appconsent.io
            Source: msedge.exe, 0000000C.00000002.1906577708.000001602AB4A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.comse
            Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://assets.msn.cn/resolver/
            Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://assets.msn.com/resolver/
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://atomex.net
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://audienceproject.com
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://beaconmax.com
            Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://bit.ly/wb-precache
            Source: chrome.exe, 00000006.00000002.1804986907.000000E402B6C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bluems.com
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://boost-web.com
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001287000.00000004.00000020.00020000.00000000.sdmp, srq16p.2.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001287000.00000004.00000020.00020000.00000000.sdmp, srq16p.2.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
            Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://browser.events.data.msn.cn/
            Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://browser.events.data.msn.com/
            Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://c.msn.com/
            Source: chrome.exe, 00000006.00000003.1782570697.000000E402788000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1778077062.000000E403804000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782482682.000000E4037A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1778044754.000000E4037D4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://calendar.google.com
            Source: chrome.exe, 00000006.00000002.1806723353.000000E402E8C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805675583.000000E402D24000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817946242.000000E403684000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
            Source: chrome.exe, 00000006.00000002.1807364281.000000E402F8C000.00000004.00001000.00020000.00000000.sdmp, 8ymym7.2.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: offscreendocument_main.js.14.dr, service_worker_bin_prod.js.14.drString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/mathjax/
            Source: TEDGRQXB.exe, 00000002.00000002.2253894597.0000000004067000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1807364281.000000E402F8C000.00000004.00001000.00020000.00000000.sdmp, 8ymym7.2.dr, Web Data.14.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: TEDGRQXB.exe, 00000002.00000002.2253894597.0000000004067000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1807364281.000000E402F8C000.00000004.00001000.00020000.00000000.sdmp, 8ymym7.2.dr, Web Data.14.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: chrome.exe, 00000006.00000003.1782640926.000000E4034C0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1802304958.000000E402230000.00000004.00001000.00020000.00000000.sdmp, msedge.exe, 0000000C.00000002.1910203848.000054B40016C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
            Source: manifest.json.14.drString found in binary or memory: https://chrome.google.com/webstore/
            Source: chrome.exe, 00000006.00000002.1803297171.000000E402514000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore/category/collection/chrome_color_themes?hl=$
            Source: chrome.exe, 00000006.00000002.1823309936.0000020BBF240000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://chrome.google.com/webstore/category/extensions
            Source: chrome.exe, 00000006.00000002.1825961524.0000020BC41A7000.00000004.10000000.00040000.00000000.sdmp, chrome.exe, 00000006.00000002.1817623705.000000E4035E4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1808076125.000000E403038000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1807881217.000000E403004000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1816718117.000000E4032E0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1816780413.000000E40330C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
            Source: chrome.exe, 00000006.00000002.1823309936.0000020BBF240000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en&category=theme81https://myactivity.google.com/myactivity/?u
            Source: chrome.exe, 00000006.00000002.1823309936.0000020BBF240000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=enCtrl$1
            Source: chrome.exe, 00000006.00000003.1742334833.000000E4035D4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782640926.000000E4034C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
            Source: chrome.exe, 00000006.00000002.1823309936.0000020BBF240000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled
            Source: chrome.exe, 00000006.00000002.1823309936.0000020BBF240000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
            Source: chrome.exe, 00000006.00000002.1823309936.0000020BBF240000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
            Source: chrome.exe, 00000006.00000002.1823309936.0000020BBF240000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist
            Source: chrome.exe, 00000006.00000002.1823309936.0000020BBF240000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
            Source: chrome.exe, 00000006.00000002.1823309936.0000020BBF240000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist
            Source: chrome.exe, 00000006.00000003.1721615947.000000E000504000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1784552445.000000E403E6C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1819400724.000000E403B9C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
            Source: chrome.exe, 00000006.00000003.1721615947.000000E000504000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1784552445.000000E403E6C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1819400724.000000E403B9C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E6C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/AttributionReportingCrossAppWeb
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E6C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1721479151.000000E0004CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1819400724.000000E403B9C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
            Source: chrome.exe, 00000006.00000002.1804559545.000000E4029DC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromemodelexecution-pa.googleapis.com/v1:Execute?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNh
            Source: chrome.exe, 00000006.00000002.1804559545.000000E4029DC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromemodelquality-pa.googleapis.com/v1:LogAiData?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNh
            Source: chrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
            Source: chrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
            Source: chrome.exe, 00000006.00000002.1823309936.0000020BBF240000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22
            Source: chrome.exe, 00000006.00000002.1802304958.000000E402230000.00000004.00001000.00020000.00000000.sdmp, msedge.exe, 0000000C.00000002.1910203848.000054B40016C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.14.drString found in binary or memory: https://chromewebstore.google.com/
            Source: chrome.exe, 00000006.00000002.1805290967.000000E402BE4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/category/extensions
            Source: chrome.exe, 00000006.00000002.1804986907.000000E402B6C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/category/themes
            Source: chrome.exe, 00000006.00000002.1803030816.000000E4023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
            Source: chrome.exe, 00000006.00000003.1715503600.000021E8000DC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
            Source: chrome.exe, 00000006.00000002.1804670174.000000E402A5C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1802431535.000000E4022A8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1816780413.000000E40330C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1802304958.000000E402230000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1804956903.000000E402B44000.00000004.00001000.00020000.00000000.sdmp, msedge.exe, 0000000C.00000002.1909465805.000054B400040000.00000004.00000800.00020000.00000000.sdmp, manifest.json0.14.drString found in binary or memory: https://clients2.google.com/service/update2/crx
            Source: chrome.exe, 00000006.00000002.1804622532.000000E402A04000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
            Source: chrome.exe, 00000006.00000002.1804622532.000000E402A04000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
            Source: chrome.exe, 00000006.00000002.1804622532.000000E402A04000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
            Source: chrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
            Source: chrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/event
            Source: chrome.exe, 00000006.00000002.1804670174.000000E402A5C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=134
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001287000.00000004.00000020.00020000.00000000.sdmp, srq16p.2.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001287000.00000004.00000020.00020000.00000000.sdmp, srq16p.2.drString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://creative-serving.com
            Source: chrome.exe, 00000006.00000002.1802554286.000000E4022FB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/gws/cdt1
            Source: chrome.exe, 00000006.00000002.1802554286.000000E4022FB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/gws/cdt1Cross-Origin-Opener-Policy:
            Source: chrome.exe, 00000006.00000002.1802554286.000000E4022FB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/gws/cdt1rj
            Source: chrome.exe, 00000006.00000002.1802554286.000000E4022FB000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/cdt1
            Source: chrome.exe, 00000006.00000002.1803574380.000000E402628000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dailymotion.com
            Source: 2cc80dabc69f58b6_0.14.dr, Reporting and NEL.16.drString found in binary or memory: https://deff.nelreports.net/api/report?cat=msn
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://demand.supply
            Source: manifest.json0.14.drString found in binary or memory: https://docs.google.com/
            Source: chrome.exe, 00000006.00000002.1816780413.000000E40330C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/
            Source: chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
            Source: chrome.exe, 00000006.00000002.1817586267.000000E4035B0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817182335.000000E403474000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
            Source: chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E6C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1819400724.000000E403B9C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview2K
            Source: chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1818801316.000000E403A4C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1807686633.000000E402FD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
            Source: chrome.exe, 00000006.00000002.1807686633.000000E402FD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultdler
            Source: chrome.exe, 00000006.00000002.1818801316.000000E403A4C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultult
            Source: chrome.exe, 00000006.00000002.1806723353.000000E402E8C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805675583.000000E402D24000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817946242.000000E403684000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
            Source: chrome.exe, 00000006.00000002.1806723353.000000E402E8C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805675583.000000E402D24000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817946242.000000E403684000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
            Source: chrome.exe, 00000006.00000002.1817182335.000000E403474000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1816780413.000000E40330C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/
            Source: chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
            Source: chrome.exe, 00000006.00000002.1815881519.000000E403244000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817106303.000000E403438000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1742026719.000000E403244000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
            Source: chrome.exe, 00000006.00000002.1817106303.000000E403438000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webappHandler7
            Source: chrome.exe, 00000006.00000002.1815881519.000000E403244000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1742026719.000000E403244000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webappalidator7
            Source: chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
            Source: chrome.exe, 00000006.00000002.1815881519.000000E403244000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1742026719.000000E403244000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1818801316.000000E403A4C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
            Source: chrome.exe, 00000006.00000002.1806723353.000000E402E8C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805675583.000000E402D24000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817946242.000000E403684000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
            Source: chrome.exe, 00000006.00000002.1816780413.000000E40330C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1804956903.000000E402B44000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/
            Source: chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/:
            Source: chrome.exe, 00000006.00000002.1815881519.000000E403244000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817106303.000000E403438000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1742026719.000000E403244000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
            Source: chrome.exe, 00000006.00000002.1815881519.000000E403244000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1742026719.000000E403244000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webappValidator
            Source: chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/J
            Source: chrome.exe, 00000006.00000002.1815881519.000000E403244000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1742026719.000000E403244000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1818801316.000000E403A4C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
            Source: chrome.exe, 00000006.00000002.1806723353.000000E402E8C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805675583.000000E402D24000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817946242.000000E403684000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dreammail.jp
            Source: manifest.json0.14.drString found in binary or memory: https://drive-autopush.corp.google.com/
            Source: manifest.json0.14.drString found in binary or memory: https://drive-daily-0.corp.google.com/
            Source: manifest.json0.14.drString found in binary or memory: https://drive-daily-1.corp.google.com/
            Source: manifest.json0.14.drString found in binary or memory: https://drive-daily-2.corp.google.com/
            Source: manifest.json0.14.drString found in binary or memory: https://drive-daily-3.corp.google.com/
            Source: manifest.json0.14.drString found in binary or memory: https://drive-daily-4.corp.google.com/
            Source: manifest.json0.14.drString found in binary or memory: https://drive-daily-5.corp.google.com/
            Source: manifest.json0.14.drString found in binary or memory: https://drive-daily-6.corp.google.com/
            Source: manifest.json0.14.drString found in binary or memory: https://drive-preprod.corp.google.com/
            Source: manifest.json0.14.drString found in binary or memory: https://drive-staging.corp.google.com/
            Source: manifest.json0.14.drString found in binary or memory: https://drive.google.com/
            Source: chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/:
            Source: chrome.exe, 00000006.00000002.1817335518.000000E4034F8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1813717781.000000E403188000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1816780413.000000E40330C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1804956903.000000E402B44000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
            Source: chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/J
            Source: chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817106303.000000E403438000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1818801316.000000E403A4C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1807686633.000000E402FD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
            Source: TEDGRQXB.exe, 00000002.00000002.2253894597.0000000004067000.00000004.00000020.00020000.00000000.sdmp, 8ymym7.2.dr, Web Data.14.drString found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: TEDGRQXB.exe, 00000002.00000002.2253894597.0000000004067000.00000004.00000020.00020000.00000000.sdmp, 8ymym7.2.drString found in binary or memory: https://duckduckgo.com/chrome_newtabv209h
            Source: TEDGRQXB.exe, 00000002.00000002.2253894597.0000000004067000.00000004.00000020.00020000.00000000.sdmp, 8ymym7.2.dr, Web Data.14.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
            Source: HubApps Icons.14.dr, 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
            Source: HubApps Icons.14.dr, 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
            Source: HubApps Icons.14.dr, 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
            Source: HubApps Icons.14.dr, 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
            Source: HubApps Icons.14.dr, 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
            Source: HubApps Icons.14.dr, 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
            Source: HubApps Icons.14.dr, 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://elnacional.cat
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://eloan.co.jp
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://excel.new?from=EdgeM365Shoreline
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://explorefledge.com
            Source: chrome.exe, 00000006.00000003.1778736891.000000E4038EC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1779186339.000000E403914000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1778344126.000000E403898000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://fonts.google.com/icons?selected=Material
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://gaana.com/
            Source: chrome.exe, 00000006.00000002.1807364281.000000E402F8C000.00000004.00001000.00020000.00000000.sdmp, 8ymym7.2.drString found in binary or memory: https://gemini.google.com/app?q=
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1819400724.000000E403B9C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1783678667.000000E403D80000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1783647077.000000E403D64000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/glic/intro?20
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1819400724.000000E403B9C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1783678667.000000E403D80000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1783647077.000000E403D64000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/glic2
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E6C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1721479151.000000E0004CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1819400724.000000E403B9C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
            Source: chrome.exe, 00000006.00000003.1721479151.000000E0004CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/https://google-ohttp-relay-join.fastly-edge.com/
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E6C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1721479151.000000E0004CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1819400724.000000E403B9C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
            Source: chrome.exe, 00000006.00000003.1721479151.000000E0004CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
            Source: chrome.exe, 00000006.00000003.1721479151.000000E0004CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Pre
            Source: chrome.exe, 00000006.00000003.1721479151.000000E0004CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
            Source: msedge.exe, 0000000C.00000002.1910565249.000054B400300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://googleadservices.com
            Source: chrome.exe, 00000006.00000002.1804870801.000000E402B00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://googleusercontent.com/
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E6C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1819400724.000000E403B9C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1784153677.000000E404064000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs2e
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gunosy.com
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://i-mobile.co.jp
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://i.y.qq.com/n2/m/index.html
            Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://img-s-msn-com.akamaized.net/
            Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://img-s.msn.cn/tenant/amp/entityid/
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001287000.00000004.00000020.00020000.00000000.sdmp, srq16p.2.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ingereck.net
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://jkforum.net
            Source: chrome.exe, 00000006.00000002.1818566589.000000E4039BC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1807286770.000000E402F70000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805863759.000000E402DC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://kompaspublishing.nl
            Source: chrome.exe, 00000006.00000002.1803635433.000000E402660000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782919121.000000E4037B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search?source=ntp
            Source: chrome.exe, 00000006.00000003.1782570697.000000E402788000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1778077062.000000E403804000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/gen204
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://logly.co.jp
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lwadm.com
            Source: chrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://m.google.com/devicemanagement/data/api
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://m.kugou.com/
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://m.soundcloud.com/
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://m.vk.com/
            Source: chrome.exe, 00000006.00000002.1817335518.000000E4034F8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817182335.000000E403474000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1816780413.000000E40330C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/
            Source: chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/:
            Source: chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/J
            Source: chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817106303.000000E403438000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1818801316.000000E403A4C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/download?usp=chrome_default
            Source: chrome.exe, 00000006.00000002.1818801316.000000E403A4C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/download?usp=chrome_default_defaultult
            Source: chrome.exe, 00000006.00000002.1817106303.000000E403438000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/download?usp=chrome_defaulttor
            Source: chrome.exe, 00000006.00000002.1817182335.000000E403474000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1816780413.000000E40330C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/
            Source: chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/:
            Source: chrome.exe, 00000006.00000002.1803635433.000000E402660000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782919121.000000E4037B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
            Source: chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1813466150.000000E403150000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1808076125.000000E403038000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817182335.000000E403474000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1804956903.000000E402B44000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
            Source: chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/J
            Source: chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817106303.000000E403438000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1802503841.000000E4022CC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1818801316.000000E403A4C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
            Source: chrome.exe, 00000006.00000002.1818801316.000000E403A4C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_defaultdefault
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://metro.co.uk
            Source: msedge.exe, 0000000C.00000002.1910565249.000054B400300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.cn/
            Source: msedge.exe, 0000000C.00000002.1910565249.000054B400300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/
            Source: msedge.exe, 0000000C.00000002.1910565249.000054B400300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/Y
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://music.amazon.com
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://music.apple.com
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://music.yandex.com
            Source: chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805926105.000000E402E10000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1818509220.000000E403994000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
            Source: chrome.exe, 00000006.00000002.1806778107.000000E402EBC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1812164870.000000E4030D4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805446280.000000E402C38000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
            Source: chrome.exe, 00000006.00000002.1806778107.000000E402EBC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1812164870.000000E4030D4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805446280.000000E402C38000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
            Source: chrome.exe, 00000006.00000002.1806778107.000000E402EBC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhonep
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1819400724.000000E403B9C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome2B
            Source: chrome.exe, 00000006.00000002.1806778107.000000E402EBC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1816815029.000000E403330000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805446280.000000E402C38000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
            Source: chrome.exe, 00000006.00000002.1805926105.000000E402E10000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1742441365.000000E4033A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1823309936.0000020BBF240000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://myactivity.google.com/
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://nexxen.tech
            Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://ntp.msn.cn/edge/ntp
            Source: 2cc80dabc69f58b6_0.14.dr, 000003.log3.14.drString found in binary or memory: https://ntp.msn.com
            Source: 000003.log9.14.dr, 000003.log2.14.drString found in binary or memory: https://ntp.msn.com/
            Source: 000003.log9.14.drString found in binary or memory: https://ntp.msn.com/0
            Source: 000003.log9.14.dr, 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://ntp.msn.com/edge/ntp
            Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=288
            Source: 2cc80dabc69f58b6_0.14.drString found in binary or memory: https://ntp.msn.comService-Worker-Allowed:
            Source: chrome.exe, 00000006.00000002.1803030816.000000E4023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/
            Source: chrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
            Source: msedge.exe, 0000000C.00000002.1910565249.000054B400300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://office.net/
            Source: chrome.exe, 00000006.00000002.1819554804.000000E403C94000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782411641.000000E4027D4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782919121.000000E4037B0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1783019918.000000E403CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ogads-pa.googleapis.com
            Source: chrome.exe, 00000006.00000002.1818680079.000000E403A14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1818801316.000000E403A4C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817442672.000000E403548000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com
            Source: chrome.exe, 00000006.00000002.1819554804.000000E403C94000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782411641.000000E4027D4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782919121.000000E4037B0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1783019918.000000E403CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
            Source: chrome.exe, 00000006.00000002.1819554804.000000E403C94000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782411641.000000E4027D4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782919121.000000E4037B0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1783019918.000000E403CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/callout?eom=1
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://open-bid.com
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://open.spotify.com
            Source: chrome.exe, 00000006.00000002.1817419966.000000E40353C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817702502.000000E403604000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1816562105.000000E40328C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
            Source: chrome.exe, 00000006.00000002.1817728039.000000E403610000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817419966.000000E40353C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817309308.000000E4034E0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817702502.000000E403604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
            Source: chrome.exe, 00000006.00000002.1817728039.000000E403610000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817419966.000000E40353C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817702502.000000E403604000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1741720521.000000E402CB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1678906374&target=OPTIMIZATION_TARGET_OMN
            Source: chrome.exe, 00000006.00000002.1817419966.000000E40353C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817702502.000000E403604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
            Source: chrome.exe, 00000006.00000002.1817419966.000000E40353C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817702502.000000E403604000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1741720521.000000E402CB0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
            Source: chrome.exe, 00000006.00000002.1817419966.000000E40353C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817702502.000000E403604000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1803790478.000000E4026A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
            Source: chrome.exe, 00000006.00000002.1817419966.000000E40353C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817702502.000000E403604000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1816562105.000000E40328C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
            Source: chrome.exe, 00000006.00000002.1817728039.000000E403610000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817419966.000000E40353C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817309308.000000E4034E0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1741720521.000000E402CB0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1816562105.000000E40328C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
            Source: chrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://outlook.live.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://outlook.live.com/mail/0/
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://outlook.live.com/mail/compose?isExtension=true
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge
            Source: chrome.exe, 00000006.00000003.1782570697.000000E402788000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1778077062.000000E403804000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1778044754.000000E4037D4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://outlook.office.com/calendar/
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://outlook.office.com/mail/0/
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://outlook.office.com/mail/compose?isExtension=true
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://outlook.office.com/mail/inbox?isExtension=true&sharedHeader=1&client_flight=outlookedge
            Source: chrome.exe, 00000006.00000002.1823309936.0000020BBF240000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://passwords.google.comSaved
            Source: chrome.exe, 00000006.00000002.1804956903.000000E402B44000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://passwords.google/
            Source: chrome.exe, 00000006.00000002.1803030816.000000E4023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://people.googleapis.com/
            Source: msedge.exe, 0000000C.00000003.1898047324.000054B40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000C.00000003.1897911247.000054B400268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/AddSession
            Source: msedge.exe, 0000000C.00000003.1898047324.000054B40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000C.00000003.1897911247.000054B400268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/Logout
            Source: msedge.exe, 0000000C.00000003.1898047324.000054B40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000C.00000003.1897911247.000054B400268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
            Source: msedge.exe, 0000000C.00000003.1898047324.000054B40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000C.00000003.1897911247.000054B400268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/MergeSession
            Source: msedge.exe, 0000000C.00000003.1898047324.000054B40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000C.00000003.1897911247.000054B400268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/OAuthLogin
            Source: msedge.exe, 0000000C.00000003.1898047324.000054B40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000C.00000003.1897911247.000054B400268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
            Source: msedge.exe, 0000000C.00000003.1898047324.000054B40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000C.00000003.1897911247.000054B400268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
            Source: msedge.exe, 0000000C.00000003.1898047324.000054B40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000C.00000003.1897911247.000054B400268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
            Source: msedge.exe, 0000000C.00000003.1898047324.000054B40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000C.00000003.1897911247.000054B400268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
            Source: msedge.exe, 0000000C.00000003.1898047324.000054B40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000C.00000003.1897911247.000054B400268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
            Source: msedge.exe, 0000000C.00000003.1898047324.000054B40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000C.00000003.1897911247.000054B400268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
            Source: msedge.exe, 0000000C.00000003.1898047324.000054B40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000C.00000003.1897911247.000054B400268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
            Source: msedge.exe, 0000000C.00000003.1898047324.000054B40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000C.00000003.1897911247.000054B400268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
            Source: msedge.exe, 0000000C.00000003.1898047324.000054B40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000C.00000003.1897911247.000054B400268000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
            Source: chrome.exe, 00000006.00000002.1805926105.000000E402E10000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1742441365.000000E4033A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1823309936.0000020BBF240000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://policies.google.com/
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://postrelease.com
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://powerpoint.new?from=EdgeM365Shoreline
            Source: chrome.exe, 00000006.00000002.1803816890.000000E4026B9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
            Source: chrome.exe, 00000006.00000002.1803816890.000000E4026B9000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://quora.com
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://rubiconproject.com
            Source: chrome.exe, 00000006.00000002.1803600777.000000E402638000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://samplicio.us
            Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://sb.scorecardresearch.com/
            Source: chrome.exe, 00000006.00000002.1802623067.000000E402320000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyA2KlwBX3mkFo30om9LU
            Source: chrome.exe, 00000006.00000002.1807881217.000000E403004000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://semafor.com
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sephora.com
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://shared-storage-demo-publisher-a.web.app
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E6C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.com
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1819400724.000000E403B9C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comb
            Source: chrome.exe, 00000006.00000002.1818566589.000000E4039BC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1807286770.000000E402F70000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805863759.000000E402DC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sitescout.com
            Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://srtb.msn.cn/
            Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://srtb.msn.com/
            Source: chrome.exe, 00000006.00000002.1819340977.000000E403B58000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
            Source: chrome.exe, 00000006.00000002.1803635433.000000E402660000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782919121.000000E4037B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
            Source: TEDGRQXB.exe, TEDGRQXB.exe, 00000002.00000002.2252279103.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199832267488
            Source: TEDGRQXB.exe, 00000002.00000002.2252279103.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199832267488dqu220Mozilla/5.0
            Source: chrome.exe, 00000006.00000002.1823309936.0000020BBF240000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://support.google.com/chrome/a/?p=browser_profile_details
            Source: chrome.exe, 00000006.00000002.1823309936.0000020BBF240000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6098869
            Source: chrome.exe, 00000006.00000002.1823309936.0000020BBF240000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://support.google.com/chrome/answer/96817
            Source: chrome.exe, 00000006.00000003.1778704087.000000E402738000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome?p=desktop_tab_groups
            Source: chrome.exe, 00000006.00000002.1823309936.0000020BBF240000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://support.google.com/chromebook?p=app_intent
            Source: TEDGRQXB.exe, 00000002.00000002.2256992210.00000000047A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
            Source: TEDGRQXB.exe, 00000002.00000002.2256992210.00000000047A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
            Source: TEDGRQXB.exe, 00000002.00000003.1520833988.000000000122F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.formaxprime.co.uk
            Source: TEDGRQXB.exe, 00000002.00000003.1576840128.0000000001236000.00000004.00000020.00020000.00000000.sdmp, TEDGRQXB.exe, 00000002.00000002.2255144718.00000000043F3000.00000004.00000020.00020000.00000000.sdmp, TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.formaxprime.co.uk/
            Source: TEDGRQXB.exe, 00000002.00000003.1624572859.0000000001234000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.formaxprime.co.uk/%H
            Source: TEDGRQXB.exe, 00000002.00000003.1576840128.0000000001236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.formaxprime.co.uk/-
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.formaxprime.co.uk/I
            Source: TEDGRQXB.exe, 00000002.00000003.1520833988.0000000001236000.00000004.00000020.00020000.00000000.sdmp, TEDGRQXB.exe, 00000002.00000003.1624572859.0000000001234000.00000004.00000020.00020000.00000000.sdmp, TEDGRQXB.exe, 00000002.00000003.1576840128.0000000001236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.formaxprime.co.uk/W
            Source: TEDGRQXB.exe, 00000002.00000003.1624572859.0000000001234000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.formaxprime.co.uk/n
            Source: TEDGRQXB.exe, 00000002.00000003.1576840128.0000000001236000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.formaxprime.co.uk/ontent-Disposition:
            Source: TEDGRQXB.exe, 00000002.00000003.1520833988.0000000001236000.00000004.00000020.00020000.00000000.sdmp, TEDGRQXB.exe, 00000002.00000003.1624572859.0000000001234000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.formaxprime.co.uk/ukd;
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.00000000011C8000.00000004.00000020.00020000.00000000.sdmp, TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/g_etcontent
            Source: TEDGRQXB.exe, 00000002.00000002.2252279103.0000000000400000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://t.me/g_etcontentdqu220Mozilla/5.0
            Source: chrome.exe, 00000006.00000002.1807881217.000000E403004000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://t0.gstatic.com/faviconV2
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://taboola.com
            Source: chrome.exe, 00000006.00000002.1803030816.000000E4023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://tidal.com/
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tiktok.com
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://torneos.gg
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://twitter.com/
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tya-dev.com
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://undertone.com
            Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.14.drString found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
            Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.14.drString found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
            Source: edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.14.drString found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://usemax.de
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://verve.com
            Source: TEDGRQXB.exe, 00000002.00000003.1417196225.0000000001236000.00000004.00000020.00020000.00000000.sdmp, TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001206000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://web.telegram.org/
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://word.new?from=EdgeM365Shoreline
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://wp.pl
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001287000.00000004.00000020.00020000.00000000.sdmp, srq16p.2.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001287000.00000004.00000020.00020000.00000000.sdmp, srq16p.2.drString found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://www.deezer.com/
            Source: TEDGRQXB.exe, 00000002.00000002.2253894597.0000000004067000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1807364281.000000E402F8C000.00000004.00001000.00020000.00000000.sdmp, 8ymym7.2.drString found in binary or memory: https://www.ecosia.org/newtab/v20
            Source: chrome.exe, 00000006.00000002.1819340977.000000E403B58000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com
            Source: chrome.exe, 00000006.00000002.1819340977.000000E403B58000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
            Source: chrome.exe, 00000006.00000002.1819340977.000000E403B58000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
            Source: chrome.exe, 00000006.00000003.1782640926.000000E4034C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
            Source: chrome.exe, 00000006.00000002.1818566589.000000E4039BC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
            Source: chrome.exe, 00000006.00000002.1818450514.000000E403970000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/newtab_promos
            Source: content_new.js.14.dr, content.js.14.drString found in binary or memory: https://www.google.com/chrome
            Source: chrome.exe, 00000006.00000002.1804956903.000000E402B44000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/#safe
            Source: chrome.exe, 00000006.00000002.1804986907.000000E402B6C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/browser-features/
            Source: chrome.exe, 00000006.00000002.1804986907.000000E402B6C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/browser-tools/
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1819400724.000000E403B9C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1783678667.000000E403D80000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1783647077.000000E403D64000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
            Source: chrome.exe, 00000006.00000002.1823309936.0000020BBF240000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlH&elpManaged
            Source: chrome.exe, 00000006.00000002.1806778107.000000E402EBC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1816596672.000000E403298000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805832845.000000E402D94000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/
            Source: TEDGRQXB.exe, 00000002.00000002.2253894597.0000000004067000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1802744900.000000E40236C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1807364281.000000E402F8C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1778197336.000000E402778000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1804622532.000000E402A04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1804034861.000000E402778000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1803436112.000000E4025D0000.00000004.00001000.00020000.00000000.sdmp, 8ymym7.2.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
            Source: chrome.exe, 00000006.00000002.1803635433.000000E402660000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782919121.000000E4037B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
            Source: chrome.exe, 00000006.00000003.1782919121.000000E4037B0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1783019918.000000E403CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1819400724.000000E403B9C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1783678667.000000E403D80000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1783647077.000000E403D64000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
            Source: chrome.exe, 00000006.00000002.1803600777.000000E402638000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
            Source: chrome.exe, 00000006.00000002.1819340977.000000E403B58000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.comAccess-Control-Allow-Credentials:
            Source: chrome.exe, 00000006.00000002.1803030816.000000E4023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E6C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
            Source: chrome.exe, 00000006.00000003.1784552445.000000E403E04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1819400724.000000E403B9C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
            Source: chrome.exe, 00000006.00000002.1803030816.000000E4023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
            Source: chrome.exe, 00000006.00000002.1803030816.000000E4023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
            Source: chrome.exe, 00000006.00000002.1803030816.000000E4023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/token
            Source: chrome.exe, 00000006.00000002.1803030816.000000E4023E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
            Source: chrome.exe, 00000006.00000002.1819340977.000000E403B58000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
            Source: chrome.exe, 00000006.00000002.1819340977.000000E403B58000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
            Source: chrome.exe, 00000006.00000002.1804622532.000000E402A04000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
            Source: chrome.exe, 00000006.00000002.1819585212.000000E403CA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
            Source: chrome.exe, 00000006.00000003.1778344126.000000E403884000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1783293734.000000E403D14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782873948.000000E403CF4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782957869.000000E403D04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782897219.000000E403CFC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1819585212.000000E403CA0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
            Source: chrome.exe, 00000006.00000002.1814940572.000000E4031B4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782411641.000000E4027D4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782919121.000000E4037B0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1783019918.000000E403CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.eebVy_fNKiM.2019.O/rt=j/m=q_dnp
            Source: chrome.exe, 00000006.00000002.1819554804.000000E403C94000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782411641.000000E4027D4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782919121.000000E4037B0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1783019918.000000E403CD0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.sDa5bc0wD58.L.W.O/m=qmd
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://www.iheart.com/podcast/
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://www.instagram.com
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://www.last.fm/
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://www.messenger.com
            Source: TEDGRQXB.exe, 00000002.00000002.2256992210.00000000047A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
            Source: TEDGRQXB.exe, 00000002.00000002.2256992210.00000000047A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
            Source: TEDGRQXB.exe, 00000002.00000002.2256992210.00000000047A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
            Source: TEDGRQXB.exe, 00000002.00000002.2256992210.00000000047A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
            Source: TEDGRQXB.exe, 00000002.00000002.2256992210.00000000047A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
            Source: TEDGRQXB.exe, 00000002.00000002.2256992210.00000000047A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
            Source: 2cc80dabc69f58b6_1.14.drString found in binary or memory: https://www.msn.com/web-notification-icon-light.png
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://www.office.com
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
            Source: 53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
            Source: chrome.exe, 00000006.00000002.1816780413.000000E40330C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1804956903.000000E402B44000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
            Source: chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
            Source: chrome.exe, 00000006.00000002.1817335518.000000E4034F8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1816780413.000000E40330C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1804956903.000000E402B44000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
            Source: chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
            Source: chrome.exe, 00000006.00000002.1815881519.000000E403244000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1742026719.000000E403244000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1818801316.000000E403A4C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
            Source: chrome.exe, 00000006.00000002.1815881519.000000E403244000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1742026719.000000E403244000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.htmlr
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yieldlab.net
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yieldmo.com
            Source: chrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://youronlinechoices.eu
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
            Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49861
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
            Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
            Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
            Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
            Source: unknownNetwork traffic detected: HTTP traffic on port 49820 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
            Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49849
            Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49847
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
            Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
            Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
            Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49838
            Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
            Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
            Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
            Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
            Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
            Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49823
            Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49822
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49820
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
            Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49676 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
            Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
            Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
            Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
            Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
            Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
            Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
            Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
            Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
            Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
            Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
            Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
            Source: unknownNetwork traffic detected: HTTP traffic on port 49838 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
            Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
            Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
            Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.5:49711 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.5:49712 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.5:49725 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.5:49748 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.5:49749 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.5:49750 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.5:49814 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 78.47.63.132:443 -> 192.168.2.5:49816 version: TLS 1.2
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00410A90 CreateStreamOnHGlobal,GetDesktopWindow,GetWindowRect,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,malloc,StrCmpCW,GetHGlobalFromStream,GlobalLock,GlobalSize,SelectObject,DeleteObject,DeleteObject,DeleteObject,ReleaseDC,CloseWindow,2_2_00410A90
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00406480 memcpy,OpenDesktopA,CreateDesktopA,lstrcpyA,CreateProcessA,Sleep,CloseDesktop,2_2_00406480

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 2.2.TEDGRQXB.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
            Source: 2.2.TEDGRQXB.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
            Source: 00000002.00000002.2252279103.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Finds Vidar samples based on the specific strings Author: Sekoia.io
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E714100_2_00E71410
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E36D700_2_00E36D70
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E52D000_2_00E52D00
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E71E400_2_00E71E40
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E668E00_2_00E668E0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E860E70_2_00E860E7
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E5B0F00_2_00E5B0F0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E600F00_2_00E600F0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E460C00_2_00E460C0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E7F8C00_2_00E7F8C0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E8A0C00_2_00E8A0C0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00EA009A0_2_00EA009A
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E768900_2_00E76890
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E910900_2_00E91090
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E8F8700_2_00E8F870
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E8C8700_2_00E8C870
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E468400_2_00E46840
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E3A0500_2_00E3A050
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E5A0500_2_00E5A050
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E588200_2_00E58820
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E3E02C0_2_00E3E02C
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E748300_2_00E74830
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E828300_2_00E82830
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E310000_2_00E31000
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E8B8000_2_00E8B800
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00EA60000_2_00EA6000
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E3B8100_2_00E3B810
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E418100_2_00E41810
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E5D8100_2_00E5D810
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E749E00_2_00E749E0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E439F00_2_00E439F0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E5A9D00_2_00E5A9D0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E501A00_2_00E501A0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E6E1B00_2_00E6E1B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E459800_2_00E45980
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E879800_2_00E87980
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E399600_2_00E39960
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E631600_2_00E63160
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E831600_2_00E83160
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E5D9700_2_00E5D970
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E8C1700_2_00E8C170
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E581200_2_00E58120
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E7D9200_2_00E7D920
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E3D9300_2_00E3D930
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E5C9300_2_00E5C930
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E6A9300_2_00E6A930
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E541000_2_00E54100
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E959100_2_00E95910
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E4F2E00_2_00E4F2E0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E662C00_2_00E662C0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E3AAD60_2_00E3AAD6
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E632D00_2_00E632D0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E7BAD00_2_00E7BAD0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E72AA00_2_00E72AA0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E422B00_2_00E422B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E84AB00_2_00E84AB0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E8A2B00_2_00E8A2B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E902B00_2_00E902B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E862B30_2_00E862B3
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E6BA800_2_00E6BA80
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E82A800_2_00E82A80
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E5BA900_2_00E5BA90
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E692900_2_00E69290
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E562600_2_00E56260
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E61A700_2_00E61A70
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E6EA700_2_00E6EA70
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E86A700_2_00E86A70
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E8F2700_2_00E8F270
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E7EA400_2_00E7EA40
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E8BA200_2_00E8BA20
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E8CA300_2_00E8CA30
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E962300_2_00E96230
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E3B2000_2_00E3B200
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E41A000_2_00E41A00
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E63A000_2_00E63A00
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E6D2000_2_00E6D200
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E6B2000_2_00E6B200
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E473F00_2_00E473F0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E48BF00_2_00E48BF0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E70BD00_2_00E70BD0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E353B00_2_00E353B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E443B00_2_00E443B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E553B00_2_00E553B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E62BB00_2_00E62BB0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E42B900_2_00E42B90
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E54B600_2_00E54B60
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E5A3600_2_00E5A360
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E873600_2_00E87360
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00EB33620_2_00EB3362
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E433700_2_00E43370
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E45B200_2_00E45B20
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E4FB200_2_00E4FB20
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00EB14E80_2_00EB14E8
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E41CF00_2_00E41CF0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E914F00_2_00E914F0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E43CC00_2_00E43CC0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E6F4C00_2_00E6F4C0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E8DCB00_2_00E8DCB0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E66C800_2_00E66C80
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E3A4900_2_00E3A490
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E8E4900_2_00E8E490
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E97C900_2_00E97C90
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E514400_2_00E51440
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E38C550_2_00E38C55
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E834500_2_00E83450
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E594200_2_00E59420
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E824200_2_00E82420
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E804300_2_00E80430
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E354060_2_00E35406
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E68C100_2_00E68C10
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E3E5E00_2_00E3E5E0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E5ADE00_2_00E5ADE0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E665F00_2_00E665F0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E7D5F00_2_00E7D5F0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E5E5C00_2_00E5E5C0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E83DC00_2_00E83DC0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E4F5D00_2_00E4F5D0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E495D00_2_00E495D0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E85DD00_2_00E85DD0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E3FDB00_2_00E3FDB0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E66DB00_2_00E66DB0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E8D5B00_2_00E8D5B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E905B00_2_00E905B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E84D800_2_00E84D80
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E965800_2_00E96580
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E73D900_2_00E73D90
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E44D600_2_00E44D60
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E8BD600_2_00E8BD60
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E6AD700_2_00E6AD70
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E615700_2_00E61570
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E415400_2_00E41540
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E54D400_2_00E54D40
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E585400_2_00E58540
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E855400_2_00E85540
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E4FD300_2_00E4FD30
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E5A5000_2_00E5A500
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E6C5000_2_00E6C500
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E74D100_2_00E74D10
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E7C5100_2_00E7C510
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E8B5100_2_00E8B510
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E4A6C00_2_00E4A6C0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E9B6D20_2_00E9B6D2
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E396A00_2_00E396A0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E746A00_2_00E746A0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E506B00_2_00E506B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E696B00_2_00E696B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E446800_2_00E44680
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E5BE800_2_00E5BE80
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E59E900_2_00E59E90
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E63E900_2_00E63E90
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E756900_2_00E75690
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E516600_2_00E51660
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E3D6700_2_00E3D670
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E6A6700_2_00E6A670
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E3B6500_2_00E3B650
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E64E500_2_00E64E50
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E98E500_2_00E98E50
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E92E300_2_00E92E30
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E986300_2_00E98630
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E546000_2_00E54600
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E3E7E00_2_00E3E7E0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E6B7F00_2_00E6B7F0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E58FC00_2_00E58FC0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E65FC00_2_00E65FC0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E86FD00_2_00E86FD0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E5E7A00_2_00E5E7A0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E727A00_2_00E727A0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E8CF800_2_00E8CF80
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E867480_2_00E86748
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E8EF400_2_00E8EF40
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E4C7500_2_00E4C750
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E637500_2_00E63750
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E3CF5B0_2_00E3CF5B
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E887200_2_00E88720
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E847100_2_00E84710
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00404A202_2_00404A20
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_004186302_2_00418630
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_0041B7702_2_0041B770
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_0041B3002_2_0041B300
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_0041C1002_2_0041C100
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_004193D02_2_004193D0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_0041A7D02_2_0041A7D0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E668E02_2_00E668E0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E5B0F02_2_00E5B0F0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E600F02_2_00E600F0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E460C02_2_00E460C0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E7F8C02_2_00E7F8C0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E860802_2_00E86080
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00EA009A2_2_00EA009A
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E768902_2_00E76890
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E910902_2_00E91090
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E8F8702_2_00E8F870
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E8C8702_2_00E8C870
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E468402_2_00E46840
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E3A0502_2_00E3A050
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E5A0502_2_00E5A050
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E588202_2_00E58820
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E748302_2_00E74830
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E828302_2_00E82830
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E310002_2_00E31000
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E8B8002_2_00E8B800
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00EA60002_2_00EA6000
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E3B8102_2_00E3B810
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E418102_2_00E41810
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E749E02_2_00E749E0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E439F02_2_00E439F0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E5A9D02_2_00E5A9D0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E501A02_2_00E501A0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E459802_2_00E45980
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E879802_2_00E87980
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E399602_2_00E39960
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E631602_2_00E63160
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E831602_2_00E83160
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E8C1702_2_00E8C170
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E581202_2_00E58120
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E7D9202_2_00E7D920
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E981202_2_00E98120
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E3D9302_2_00E3D930
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E5C9302_2_00E5C930
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E6A9302_2_00E6A930
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E541002_2_00E54100
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E959102_2_00E95910
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E4F2E02_2_00E4F2E0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E862E02_2_00E862E0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E662C02_2_00E662C0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E632D02_2_00E632D0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E7BAD02_2_00E7BAD0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E72AA02_2_00E72AA0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E422B02_2_00E422B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E84AB02_2_00E84AB0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E902B02_2_00E902B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E6BA802_2_00E6BA80
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E82A802_2_00E82A80
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E5BA902_2_00E5BA90
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E562602_2_00E56260
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E6EA702_2_00E6EA70
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E86A702_2_00E86A70
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E7EA402_2_00E7EA40
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E3AA302_2_00E3AA30
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E962302_2_00E96230
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E3B2002_2_00E3B200
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E41A002_2_00E41A00
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E6B2002_2_00E6B200
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E63A012_2_00E63A01
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E473F02_2_00E473F0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E48BF02_2_00E48BF0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E38BD02_2_00E38BD0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E70BD02_2_00E70BD0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E353B02_2_00E353B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E443B02_2_00E443B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E553B02_2_00E553B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E42B902_2_00E42B90
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E5A3602_2_00E5A360
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E54B602_2_00E54B60
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00EB33622_2_00EB3362
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E433702_2_00E43370
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E45B202_2_00E45B20
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E4FB202_2_00E4FB20
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00EB14E82_2_00EB14E8
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E41CF02_2_00E41CF0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E914F02_2_00E914F0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E43CC02_2_00E43CC0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E6F4C02_2_00E6F4C0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E8DCB02_2_00E8DCB0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E66C802_2_00E66C80
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E3A4902_2_00E3A490
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E8E4902_2_00E8E490
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E87C702_2_00E87C70
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E514402_2_00E51440
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E594202_2_00E59420
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E824202_2_00E82420
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E804302_2_00E80430
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E354062_2_00E35406
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E714102_2_00E71410
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E3E5E02_2_00E3E5E0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E5ADE02_2_00E5ADE0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E665F02_2_00E665F0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E7D5F02_2_00E7D5F0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E5E5C02_2_00E5E5C0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E3D5D02_2_00E3D5D0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E4F5D02_2_00E4F5D0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E495D02_2_00E495D0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E85DD02_2_00E85DD0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E3FDB02_2_00E3FDB0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E66DB02_2_00E66DB0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E905B02_2_00E905B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E84D802_2_00E84D80
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E965802_2_00E96580
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E73D902_2_00E73D90
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E44D602_2_00E44D60
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E8BD602_2_00E8BD60
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E36D702_2_00E36D70
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E6AD702_2_00E6AD70
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E615702_2_00E61570
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E415402_2_00E41540
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E54D402_2_00E54D40
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E585402_2_00E58540
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E855402_2_00E85540
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E4FD302_2_00E4FD30
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E5A5002_2_00E5A500
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E52D002_2_00E52D00
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E6C5002_2_00E6C500
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E74D102_2_00E74D10
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E8B5102_2_00E8B510
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E3CEF02_2_00E3CEF0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E4A6C02_2_00E4A6C0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E876D02_2_00E876D0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E9B6D22_2_00E9B6D2
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E396A02_2_00E396A0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E746A02_2_00E746A0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E506B02_2_00E506B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E696B02_2_00E696B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E446802_2_00E44680
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E59E902_2_00E59E90
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E63E902_2_00E63E90
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E756902_2_00E75690
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E516602_2_00E51660
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E6A6702_2_00E6A670
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E71E402_2_00E71E40
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E3B6502_2_00E3B650
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E64E502_2_00E64E50
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E98E502_2_00E98E50
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E986302_2_00E98630
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E546002_2_00E54600
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E3E7E02_2_00E3E7E0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E6B7F02_2_00E6B7F0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E58FC02_2_00E58FC0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E5E7A02_2_00E5E7A0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E727A02_2_00E727A0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E8CF802_2_00E8CF80
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E3DF702_2_00E3DF70
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E867702_2_00E86770
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E8EF402_2_00E8EF40
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E4C7502_2_00E4C750
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E637502_2_00E63750
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E847102_2_00E84710
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: String function: 00EA8BF4 appears 34 times
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: String function: 00E9BBE0 appears 96 times
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: String function: 0040F5B0 appears 135 times
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: String function: 00EA3E4C appears 44 times
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: String function: 00410D00 appears 42 times
            Source: TEDGRQXB.exe, 00000002.00000002.2255144718.0000000004403000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCmd.Exej% vs TEDGRQXB.exe
            Source: TEDGRQXB.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 2.2.TEDGRQXB.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
            Source: 2.2.TEDGRQXB.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
            Source: 00000002.00000002.2252279103.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: infostealer_win_vidar_strings_nov23 author = Sekoia.io, description = Finds Vidar samples based on the specific strings, creation_date = 2023-11-10, classification = TLP:CLEAR, version = 1.0, reference = https://twitter.com/crep1x/status/1722652451319202242, id = b2c17627-f9b8-4401-b657-1cce560edc76
            Source: TEDGRQXB.exeStatic PE information: Section: .bss ZLIB complexity 1.0003622159090908
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@73/269@16/23
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00411250 CreateToolhelp32Snapshot,Process32First,StrCmpCA,Process32Next,StrCmpCA,CloseHandle,2_2_00411250
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\V11V672T.htmJump to behavior
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8180:120:WilError_03
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2668:120:WilError_03
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeFile created: C:\Users\user\AppData\Local\Temp\5956e5d8-b2bf-463b-a9da-319506b568a0.tmpJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCommand line argument: y0_2_00EA7940
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCommand line argument: y2_2_00EA7940
            Source: TEDGRQXB.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile read: C:\$Recycle.Bin\S-1-5-21-2246122658-3693405117-2476756634-1003\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: chrome.exe, 00000006.00000002.1804986907.000000E402B85000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
            Source: 3e3op8qim.2.dr, m79rq1vs0.2.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: TEDGRQXB.exeVirustotal: Detection: 52%
            Source: TEDGRQXB.exeReversingLabs: Detection: 57%
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile read: C:\Users\user\Desktop\TEDGRQXB.exeJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\TEDGRQXB.exe "C:\Users\user\Desktop\TEDGRQXB.exe"
            Source: C:\Users\user\Desktop\TEDGRQXB.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\TEDGRQXB.exeProcess created: C:\Users\user\Desktop\TEDGRQXB.exe "C:\Users\user\Desktop\TEDGRQXB.exe"
            Source: C:\Users\user\Desktop\TEDGRQXB.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2312,i,2253101441032793717,4721009517651061481,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=268 /prefetch:3
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2312,i,2253101441032793717,4721009517651061481,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5232 /prefetch:8
            Source: C:\Users\user\Desktop\TEDGRQXB.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
            Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory=Default --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2648 --field-trial-handle=2284,i,1465142929615344142,2036732362950933187,262144 /prefetch:3
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2040,i,8313142932309864325,2471398215224871592,262144 /prefetch:3
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6504 --field-trial-handle=2040,i,8313142932309864325,2471398215224871592,262144 /prefetch:8
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=4528 --field-trial-handle=2040,i,8313142932309864325,2471398215224871592,262144 /prefetch:8
            Source: C:\Users\user\Desktop\TEDGRQXB.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\9h4wb" & exit
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 11
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=4732 --field-trial-handle=2040,i,8313142932309864325,2471398215224871592,262144 /prefetch:8
            Source: C:\Users\user\Desktop\TEDGRQXB.exeProcess created: C:\Users\user\Desktop\TEDGRQXB.exe "C:\Users\user\Desktop\TEDGRQXB.exe"Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\9h4wb" & exitJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2312,i,2253101441032793717,4721009517651061481,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=268 /prefetch:3Jump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=printing.mojom.UnsandboxedPrintBackendHost --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2312,i,2253101441032793717,4721009517651061481,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=5232 /prefetch:8Jump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2648 --field-trial-handle=2284,i,1465142929615344142,2036732362950933187,262144 /prefetch:3Jump to behavior
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=2040,i,8313142932309864325,2471398215224871592,262144 /prefetch:3
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6504 --field-trial-handle=2040,i,8313142932309864325,2471398215224871592,262144 /prefetch:8
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=4528 --field-trial-handle=2040,i,8313142932309864325,2471398215224871592,262144 /prefetch:8
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=4732 --field-trial-handle=2040,i,8313142932309864325,2471398215224871592,262144 /prefetch:8
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=4732 --field-trial-handle=2040,i,8313142932309864325,2471398215224871592,262144 /prefetch:8
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 11
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: dbghelp.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: windowscodecs.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: windows.fileexplorer.common.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: apphelp.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: ntshrui.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: cscapi.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: windows.staterepositoryps.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: linkinfo.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: edputil.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: appresolver.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: bcp47langs.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: slc.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: sppc.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: onecorecommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: pcacli.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: mpr.dllJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeSection loaded: sfc_os.dllJump to behavior
            Source: C:\Windows\SysWOW64\timeout.exeSection loaded: version.dll
            Source: C:\Users\user\Desktop\TEDGRQXB.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: TEDGRQXB.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_004108E0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_004108E0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E9BD9A push ecx; ret 0_2_00E9BDAD
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E9BD9A push ecx; ret 2_2_00E9BDAD
            Source: TEDGRQXB.exeStatic PE information: section name: .text entropy: 7.102077354688428

            Boot Survival

            barindex
            Monitors registry run keys for changes
            Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeRegistry key monitored: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_004108E0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_004108E0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeEvasive API call chain: GetSystemTime,DecisionNodes
            Source: C:\Windows\SysWOW64\timeout.exe TID: 7444Thread sleep count: 94 > 30
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00EADAAE FindFirstFileExW,0_2_00EADAAE
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00EADB5F FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00EADB5F
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00414E70 wsprintfA,FindFirstFileA,DeleteFileA,FindNextFileA,strlen,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,FindClose,2_2_00414E70
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00407210 ExpandEnvironmentStringsA,FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,CopyFileA,StrCmpCA,CopyFileA,Sleep,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,CopyFileA,DeleteFileA,StrCmpCA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,DeleteFileA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,2_2_00407210
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_0040B6B0 FindFirstFileA,FindNextFileA,strlen,StrCmpCA,CopyFileA,Sleep,DeleteFileA,FindClose,2_2_0040B6B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00415EB0 SHGetFolderPathA,wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strcpy,_splitpath,strcpy,strlen,isupper,wsprintfA,strcpy,strlen,SHFileOperationA,FindClose,2_2_00415EB0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00408360 FindFirstFileA,CopyFileA,FindNextFileA,FindNextFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,FindClose,2_2_00408360
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00413FD0 wsprintfA,FindFirstFileA,FindNextFileA,strlen,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,FindClose,2_2_00413FD0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_004013F0 FindFirstFileA,FindClose,FindNextFileA,strlen,FindFirstFileA,DeleteFileA,FindNextFileA,CopyFileA,CopyFileA,DeleteFileA,FindClose,2_2_004013F0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00413580 wsprintfA,FindFirstFileA,memset,memset,FindNextFileA,strlen,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,memset,lstrcatA,strtok_s,SymMatchString,strtok_s,memset,lstrcatA,strtok_s,PathMatchSpecA,DeleteFileA,DeleteFileA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindClose,2_2_00413580
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_004097B0 FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,2_2_004097B0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_0040ACD0 wsprintfA,FindFirstFileA,FindNextFileA,FindNextFileA,FindNextFileA,strlen,lstrlenA,DeleteFileA,CopyFileA,FindClose,2_2_0040ACD0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00408C90 lstrcpyA,lstrcatA,FindFirstFileA,FindNextFileA,strlen,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,memset,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,CopyFileA,FindFirstFileA,FindNextFileA,strlen,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,lstrcpyA,lstrcatA,lstrcatA,lstrcatA,lstrcatA,CopyFileA,FindClose,FindClose,DeleteFileA,_invalid_parameter_noinfo_noreturn,2_2_00408C90
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00414950 GetProcessHeap,HeapAlloc,wsprintfA,FindFirstFileA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,strlen,FindClose,lstrcatA,lstrcatA,lstrcatA,lstrlenA,lstrlenA,2_2_00414950
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00409560 ??2@YAPAXI@Z,??2@YAPAXI@Z,_invalid_parameter_noinfo_noreturn,FindFirstFileA,FindNextFileA,strlen,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,2_2_00409560
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00EADAAE FindFirstFileExW,2_2_00EADAAE
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00EADB5F FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00EADB5F
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00413AF0 SymMatchString,SymMatchString,SymMatchString,GetLogicalDriveStringsA,memset,GetDriveTypeA,lstrcpyA,lstrcpyA,lstrcpyA,lstrlenA,2_2_00413AF0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_0040FDD0 GetSystemInfo,wsprintfA,2_2_0040FDD0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\Jump to behavior
            Source: chrome.exe, 00000006.00000002.1817204853.000000E403480000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2507000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Dynamic Memory Integration Service
            Source: Web Data.14.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
            Source: chrome.exe, 00000006.00000002.1824180130.0000020BC0266000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V ivrxgbghrqbpofe Bus\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EM
            Source: Web Data.14.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
            Source: Web Data.14.drBinary or memory string: global block list test formVMware20,11696428655
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.00000000011C8000.00000004.00000020.00020000.00000000.sdmp, TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001222000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2494000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V VM Vid Partitions
            Source: Web Data.14.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2507000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VHyper-V Dynamic Memory Integration Service$
            Source: Web Data.14.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2494000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Partition
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2507000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &Hyper-V Hypervisorrv
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2507000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Virtual Processors
            Source: Web Data.14.drBinary or memory string: AMC password management pageVMware20,11696428655
            Source: Web Data.14.drBinary or memory string: tasks.office.comVMware20,11696428655o
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2494000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Virtual Machine Bus Pipes
            Source: chrome.exe, 00000006.00000002.1809332187.000000E403070000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=196e7d07-2719-4394-b213-4bd15499481d
            Source: chrome.exe, 00000006.00000003.1776486386.0000020BC2627000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1776324633.0000020BC261A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 048
            Source: chrome.exe, 00000006.00000002.1824180130.0000020BC0283000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sWDHyper-V Hypervisor Root Partitionui
            Source: Web Data.14.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
            Source: Web Data.14.drBinary or memory string: interactivebrokers.comVMware20,11696428655
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2507000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: X2Hyper-V VM Vid Partition!
            Source: chrome.exe, 00000006.00000003.1773023031.0000020BC2537000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NXTLBVMWare
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2494000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V ivrxgbghrqbpofe Bus Pipes
            Source: Web Data.14.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
            Source: Web Data.14.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
            Source: chrome.exe, 00000006.00000003.1776243124.0000020BC2686000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root Virtual Processor4974Total Run Time4976Hypervisor Run Time4978Remote Node Run Time4980Normalized Run Time4982Ideal Cpu4984Hypercalls/sec4986Hypercalls Cost4988Page Invalidations/sec4990Page Invalidations Cost4992Control Register Accesses/sec4994Control Register Accesses Cost4996IO Instructions/sec4998IO Instructions Cost5000HLT Instructions/sec5002HLT Instructions Cost5004MWAIT Instructions/sec5006MWAIT Instructions Cost5008CPUID Instructions/sec5010CPUID Instructions Cost5012MSR Accesses/sec5014MSR Accesses Cost5016Other Intercepts/sec5018Other Intercepts Cost5020External Interrupts/sec5022External Interrupts Cost5024Pending Interrupts/
            Source: chrome.exe, 00000006.00000002.1824180130.0000020BC0283000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DHyper-V Virtual Machine Bus Pipest
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2507000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VHyper-V Dynamic Memory Integration Service5
            Source: Web Data.14.drBinary or memory string: bankofamerica.comVMware20,11696428655x
            Source: chrome.exe, 00000006.00000002.1824180130.0000020BC02E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ::$DATAeHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2507000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Logical Processor.0.0
            Source: chrome.exe, 00000006.00000002.1824180130.0000020BC0283000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AlDHyper-V Virtual Machine Bus PipesYt]
            Source: Web Data.14.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
            Source: chrome.exe, 00000006.00000003.1772626944.0000020BC2549000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: combined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root
            Source: TEDGRQXB.exe, 00000002.00000002.2253650108.0000000003DE3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D:EE
            Source: Web Data.14.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
            Source: chrome.exe, 00000006.00000002.1819122654.000000E403AF8000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware Virtual USB Mouse
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2494000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Virtual Processor
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2494000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisorb^
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2494000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual Processor
            Source: Web Data.14.drBinary or memory string: discord.comVMware20,11696428655f
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2507000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual Processor
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2494000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Dynamic Memory Integration ServicebN
            Source: chrome.exe, 00000006.00000002.1824180130.0000020BC0283000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JHyper-V Hypervisor Logical Processor
            Source: chrome.exe, 00000006.00000003.1772626944.0000020BC2549000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1824814546.0000020BC2550000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virto
            Source: Web Data.14.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
            Source: chrome.exe, 00000006.00000002.1824180130.0000020BC0283000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DHyper-V Hypervisor Root Partition
            Source: msedge.exe, 0000000C.00000002.1910077648.000054B400120000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware20,1(
            Source: Web Data.14.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
            Source: Web Data.14.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
            Source: chrome.exe, 00000006.00000002.1824180130.0000020BC02E1000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &Hyper-V Hypervisor
            Source: Web Data.14.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
            Source: Web Data.14.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2494000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Dynamic Memory Integration Services
            Source: Web Data.14.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
            Source: Web Data.14.drBinary or memory string: outlook.office365.comVMware20,11696428655t
            Source: Web Data.14.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
            Source: chrome.exe, 00000006.00000002.1820811976.0000020BBC4FA000.00000004.00000020.00020000.00000000.sdmp, msedge.exe, 0000000C.00000002.1905281351.0000016028C45000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: Web Data.14.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
            Source: Web Data.14.drBinary or memory string: outlook.office.comVMware20,11696428655s
            Source: Web Data.14.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
            Source: Web Data.14.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
            Source: chrome.exe, 00000006.00000003.1772626944.0000020BC2549000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1824814546.0000020BC2550000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: essions6328Inactive Sessions6330Total Sessions4806Hyper-V HypeX
            Source: Web Data.14.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2494000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V HypervisorN^
            Source: Web Data.14.drBinary or memory string: dev.azure.comVMware20,11696428655j
            Source: chrome.exe, 00000006.00000002.1824180130.0000020BC0283000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JHyper-V Hypervisor Logical ProcessorFtp
            Source: Web Data.14.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2507000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 2Hyper-V VM Vid Partition)
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2494000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Logical Processor
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2494000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V VM Vid Partitione=%F
            Source: chrome.exe, 00000006.00000002.1824814546.0000020BC2494000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Partition)
            Source: Web Data.14.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
            Source: C:\Users\user\Desktop\TEDGRQXB.exeAPI call chain: ExitProcess graph end node
            Source: C:\Users\user\Desktop\TEDGRQXB.exeAPI call chain: ExitProcess graph end node
            Source: C:\Users\user\Desktop\TEDGRQXB.exeAPI call chain: ExitProcess graph end node
            Source: C:\Users\user\Desktop\TEDGRQXB.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E9BA66 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00E9BA66
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_004108E0 LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_004108E0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00EC41B4 mov edi, dword ptr fs:[00000030h]0_2_00EC41B4
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00EA94EC GetProcessHeap,0_2_00EA94EC
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E9BA66 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00E9BA66
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E9BA5A SetUnhandledExceptionFilter,0_2_00E9BA5A
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00EA3B9E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00EA3B9E
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E9B6AA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00E9B6AA
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E9BA66 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00E9BA66
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00EA3B9E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00EA3B9E
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00E9B6AA SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00E9B6AA

            HIPS / PFW / Operating System Protection Evasion

            barindex
            Contains functionality to inject code into remote processes
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00EC41B4 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessW,CreateProcessW,VirtualAlloc,VirtualAlloc,GetThreadContext,Wow64GetThreadContext,ReadProcessMemory,ReadProcessMemory,VirtualAllocEx,VirtualAllocEx,GetProcAddress,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,Wow64SetThreadContext,ResumeThread,ResumeThread,0_2_00EC41B4
            Injects a PE file into a foreign processes
            Source: C:\Users\user\Desktop\TEDGRQXB.exeMemory written: C:\Users\user\Desktop\TEDGRQXB.exe base: 400000 value starts with: 4D5AJump to behavior
            Searches for specific processes (likely to inject)
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00411250 CreateToolhelp32Snapshot,Process32First,StrCmpCA,Process32Next,StrCmpCA,CloseHandle,2_2_00411250
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00411310 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,Process32Next,StrCmpCA,OpenProcess,TerminateProcess,CloseHandle,2_2_00411310
            Source: C:\Users\user\Desktop\TEDGRQXB.exeProcess created: C:\Users\user\Desktop\TEDGRQXB.exe "C:\Users\user\Desktop\TEDGRQXB.exe"Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\system32\cmd.exe" /c timeout /t 11 & rd /s /q "C:\ProgramData\9h4wb" & exitJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\timeout.exe timeout /t 11
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: GetLocaleInfoW,0_2_00EA88DC
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: EnumSystemLocalesW,0_2_00EAD069
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00EAD104
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: GetLocaleInfoW,0_2_00EAD3B6
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: EnumSystemLocalesW,0_2_00EAD357
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: GetLocaleInfoW,0_2_00EAD4D6
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: EnumSystemLocalesW,0_2_00EAD48B
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: EnumSystemLocalesW,0_2_00EA8DD7
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_00EAD57D
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: GetLocaleInfoW,0_2_00EAD683
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00EACE18
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: GetKeyboardLayoutList,GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,GetLocaleInfoA,LocalFree,2_2_0040FC20
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: GetLocaleInfoW,2_2_00EA88DC
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: EnumSystemLocalesW,2_2_00EAD069
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,2_2_00EAD104
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: GetLocaleInfoW,2_2_00EAD3B6
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: EnumSystemLocalesW,2_2_00EAD357
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: GetLocaleInfoW,2_2_00EAD4D6
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: EnumSystemLocalesW,2_2_00EAD48B
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: EnumSystemLocalesW,2_2_00EA8DD7
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_00EAD57D
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: GetLocaleInfoW,2_2_00EAD683
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_00EACE18
            Source: C:\Users\user\Desktop\TEDGRQXB.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeRegistry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeQueries volume information: C:\ VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 0_2_00E9C4A7 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00E9C4A7
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_00417210 EntryPoint,lstrlenW,GetWindowsDirectoryW,GetComputerNameW,GetFullPathNameA,GetUserNameW,GetFileType,GetModuleFileNameA,GetTempPathW,2_2_00417210
            Source: C:\Users\user\Desktop\TEDGRQXB.exeCode function: 2_2_0040FBC0 GetProcessHeap,HeapAlloc,GetTimeZoneInformation,wsprintfA,2_2_0040FBC0
            Source: C:\Users\user\Desktop\TEDGRQXB.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected Vidar stealer
            Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
            Source: Yara matchFile source: 00000002.00000003.1624552440.0000000001284000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.1520833988.0000000001236000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.1624572859.0000000001234000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.1576840128.0000000001236000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.1576840128.000000000127F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: TEDGRQXB.exe PID: 7464, type: MEMORYSTR
            Found many strings related to Crypto-Wallets (likely being stolen)
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001287000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Electrum-LTC\wallets\
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001287000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \ElectronCash\wallets\
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001287000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Electrum\wallets\
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001287000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001287000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: exodus.conf.json
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001287000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Exodus\exodus.wallet\
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001222000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: info.seco
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001222000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ElectrumLTC
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001222000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: passphrase.json
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001222000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Ethereum\
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001287000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Exodus\exodus.wallet\
            Source: TEDGRQXB.exe, 00000002.00000002.2253650108.0000000003DE3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: *wallet*.*,*seed*.*,*btc*.*,*key*.*,*2fa*.*,*crypto*.*,*coin*.*,*private*.*,*2fa*.*,*auth*.*,*ledger*.*,*trezor*.*,*pass*.*,*wal*.*,*upbit*.*,*bcex*.*,*bithimb*.*,*hitbtc*.*,*bitflyer*.*,*kucoin*.*,*huobi*.*,*poloniex*.*,*kraken*.*,*okex*.*,*binance*.*,*bitfinex*.*,*gdax*.*,*ethereum*.*,*exodus*.*,*metamask*.*,*myetherwallet*.*,*electrum*.*,*bitcoin*.*,*blockchain*.*,*coinomi*.*,*words*.*,*meta*.*,*mask*.*,*eth*.*,*recovery*.*
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001222000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Coinomi\Coinomi\wallets\
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001287000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Exodus\exodus.wallet\
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001287000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: multidoge.wallet
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001222000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: seed.seco
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001222000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
            Source: TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001287000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \Electrum-LTC\wallets\
            Tries to harvest and steal Bitcoin Wallet information
            Source: C:\Users\user\Desktop\TEDGRQXB.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-coreJump to behavior
            Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
            Source: C:\Users\user\Desktop\TEDGRQXB.exeKey opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\ConfigurationJump to behavior
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\temporary\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.jsJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\sessionstore-backups\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\bookmarkbackups\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\2023-10\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\to-be-removed\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\db\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\events\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\security_state\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqliteJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqliteJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\pending_pings\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\idb\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\saved-telemetry-pings\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\minidumps\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\crashes\events\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\default\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\glean\tmp\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\datareporting\archived\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\storage\permanent\chrome\key4.dbJump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\key4.dbJump to behavior
            Tries to harvest and steal ftp login credentials
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
            Tries to steal Crypto Currency Wallets
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\backups\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\MultiDoge\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\config\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\Jump to behavior
            Source: C:\Users\user\Desktop\TEDGRQXB.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\Jump to behavior
            Source: Yara matchFile source: 00000002.00000002.2252794220.0000000001222000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: TEDGRQXB.exe PID: 7464, type: MEMORYSTR

            Remote Access Functionality

            barindex
            Attempt to bypass Chrome Application-Bound Encryption
            Source: C:\Users\user\Desktop\TEDGRQXB.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
            Yara detected Vidar stealer
            Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
            Source: Yara matchFile source: 00000002.00000003.1624552440.0000000001284000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.1520833988.0000000001236000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.1624572859.0000000001234000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.1576840128.0000000001236000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000002.00000003.1576840128.000000000127F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: TEDGRQXB.exe PID: 7464, type: MEMORYSTR

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
            Native API            		1
            DLL Side-Loading            		1
            DLL Side-Loading            		1
            Deobfuscate/Decode Files or Information            		2
            OS Credential Dumping            		2
            System Time Discovery            		Remote Services1
            Archive Collected Data            		4
            Ingress Tool Transfer            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault Accounts2
            Command and Scripting Interpreter            		1
            Create Account            		1
            Extra Window Memory Injection            		3
            Obfuscated Files or Information            		1
            Credentials in Registry            		1
            Account Discovery            		Remote Desktop Protocol4
            Data from Local System            		21
            Encrypted Channel            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)311
            Process Injection            		2
            Software Packing            		Security Account Manager4
            File and Directory Discovery            		SMB/Windows Admin Shares1
            Screen Capture            		1
            Remote Access Software            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
            DLL Side-Loading            		NTDS35
            System Information Discovery            		Distributed Component Object ModelInput Capture4
            Non-Application Layer Protocol            		Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Extra Window Memory Injection            		LSA Secrets1
            Query Registry            		SSHKeylogging15
            Application Layer Protocol            		Scheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            Masquerading            		Cached Domain Credentials21
            Security Software Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
            Virtualization/Sandbox Evasion            		DCSync1
            Virtualization/Sandbox Evasion            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job311
            Process Injection            		Proc Filesystem12
            Process Discovery            		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow1
            System Owner/User Discovery            		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1635763 Sample: TEDGRQXB.exe Startdate: 11/03/2025 Architecture: WINDOWS Score: 100 50 t.formaxprime.co.uk 2->50 52 t.me 2->52 82 Suricata IDS alerts for network traffic 2->82 84 Found malware configuration 2->84 86 Malicious sample detected (through community Yara rule) 2->86 88 5 other signatures 2->88 9 TEDGRQXB.exe 1 2->9         started        12 msedge.exe 620 2->12         started        signatures3 process4 dnsIp5 90 Attempt to bypass Chrome Application-Bound Encryption 9->90 92 Contains functionality to inject code into remote processes 9->92 94 Searches for specific processes (likely to inject) 9->94 96 Injects a PE file into a foreign processes 9->96 15 TEDGRQXB.exe 29 9->15         started        19 conhost.exe 9->19         started        56 192.168.2.16 unknown unknown 12->56 58 192.168.2.6 unknown unknown 12->58 60 239.255.255.250 unknown Reserved 12->60 21 msedge.exe 12->21         started        23 msedge.exe 12->23         started        25 msedge.exe 12->25         started        27 msedge.exe 12->27         started        signatures6 process7 dnsIp8 62 t.formaxprime.co.uk 78.47.63.132, 443, 49712, 49713 HETZNER-ASDE Germany 15->62 64 t.me 149.154.167.99, 443, 49711 TELEGRAMRU United Kingdom 15->64 66 127.0.0.1 unknown unknown 15->66 74 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 15->74 76 Found many strings related to Crypto-Wallets (likely being stolen) 15->76 78 Tries to harvest and steal ftp login credentials 15->78 80 3 other signatures 15->80 29 msedge.exe 2 11 15->29         started        32 chrome.exe 15->32         started        35 cmd.exe 15->35         started        68 18.164.124.98, 443, 49811, 49838 MIT-GATEWAYSUS United States 21->68 70 104.208.16.92, 443, 49831, 49857 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 21->70 72 18 other IPs or domains 21->72 signatures9 process10 dnsIp11 98 Monitors registry run keys for changes 29->98 37 msedge.exe 29->37         started        48 192.168.2.5, 138, 443, 49688 unknown unknown 32->48 39 chrome.exe 32->39         started        42 chrome.exe 32->42         started        44 conhost.exe 35->44         started        46 timeout.exe 35->46         started        signatures12 process13 dnsIp14 54 www.google.com 142.250.184.196, 443, 49730, 49731 GOOGLEUS United States 39->54

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            TEDGRQXB.exe52%VirustotalBrowse
            TEDGRQXB.exe58%ReversingLabsWin32.Trojan.Midie
            TEDGRQXB.exe100%AviraTR/Crypt.Agent.krwjm

            Dropped Files

            No Antivirus matches

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            https://permanently-removed.invalid/oauth2/v2/tokeninfo0%Avira URL Cloudsafe
            https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.0%Avira URL Cloudsafe
            https://permanently-removed.invalid/oauth2/v4/token0%Avira URL Cloudsafe
            https://excel.new?from=EdgeM365Shoreline0%Avira URL Cloudsafe
            https://permanently-removed.invalid/reauth/v1beta/users/0%Avira URL Cloudsafe
            https://permanently-removed.invalid/v1/issuetoken0%Avira URL Cloudsafe
            https://permanently-removed.invalid/chrome/blank.html0%Avira URL Cloudsafe
            https://permanently-removed.invalid/RotateBoundCookies0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            chrome.cloudflare-dns.com
            		162.159.61.3
            		truefalse
              		high
              t.formaxprime.co.uk
              		78.47.63.132
              		truetrue
                		unknown
                a416.dscd.akamai.net
                		2.22.242.11
                		truefalse
                  		high
                  t.me
                  		149.154.167.99
                  		truefalse
                    		high
                    a-0003.a-msedge.net
                    		204.79.197.203
                    		truefalse
                      		high
                      www.google.com
                      		142.250.184.196
                      		truefalse
                        		high
                        googlehosted.l.googleusercontent.com
                        		142.250.185.225
                        		truefalse
                          		high
                          clients2.googleusercontent.com
                          		unknown
                          		unknownfalse
                            		high
                            bzib.nelreports.net
                            		unknown
                            		unknownfalse
                              		high
                              ntp.msn.com
                              		unknown
                              		unknownfalse
                                		high

                                Contacted URLs

                                NameMaliciousAntivirus DetectionReputation
                                https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741734024362&time-delta-to-apply-millis=use-collector-delta&w=0&anoncknm=app_anon&NoResponseBody=truefalse
                                  		high
                                  https://ntp.msn.com/edge/ntp?locale=en-GB&title=New%20tab&dsp=1&sp=Bing&isFREModalBackground=1&startpage=1&PC=U531false
                                    		high
                                    https://assets.msn.com/bundles/v1/edgeChromium/latest/vendors.cb5d86730a0bdbdd55a4.jsfalse
                                      		high
                                      https://ntp.msn.com/edge/ntp?locale=en-GB&title=New+tab&enableForceCache=truefalse
                                        		high
                                        https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=truefalse
                                          		high
                                          https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741734031980&w=0&anoncknm=app_anon&NoResponseBody=truefalse
                                            		high
                                            https://c.msn.com/c.gif?rnd=1741734024364&udc=true&pg.n=default&pg.t=dhp&pg.c=547&pg.p=anaheim&rf=&tp=https%3A%2F%2Fntp.msn.com%2Fedge%2Fntp%3Flocale%3Den-GB%26title%3DNew%2520tab%26dsp%3D1%26sp%3DBing%26isFREModalBackground%3D1%26startpage%3D1%26PC%3DU531%26ocid%3Dmsedgdhp&cvs=Browser&di=340&st.dpt=&st.sdpt=antp&subcvs=homepage&lng=en-us&rid=ab55e306178a4260b140085018ad5fe9&activityId=ab55e306178a4260b140085018ad5fe9&d.imd=false&scr=1280x1024&anoncknm=app_anon&issso=&aadState=0&ctsa=mr&CtsSyncId=AAB9671B094F4742986999F2EC91D080&MUID=390BF5B215C66C813DC9E01E14F96DFAfalse
                                              		high
                                              https://assets.msn.com/statics/icons/favicon_newtabpage.pngfalse
                                                		high
                                                https://assets.msn.com/bundles/v1/edgeChromium/latest/microsoft.c1f2f2c818c03b7d76c6.jsfalse
                                                  		high
                                                  https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741734031300&w=0&anoncknm=app_anon&NoResponseBody=truefalse
                                                    		high
                                                    https://browser.events.data.msn.com/OneCollector/1.0?cors=true&content-type=application/x-json-stream&client-id=NO_AUTH&client-version=1DS-Web-JS-3.2.8&apikey=0ded60c75e44443aa3484c42c1c43fe8-9fc57d3f-fdac-4bcf-b927-75eafe60192e-7279&upload-time=1741734031303&w=0&anoncknm=app_anon&NoResponseBody=truefalse
                                                      		high
                                                      https://t.me/g_etcontentfalse
                                                        		high

                                                        URLs from Memory and Binaries

                                                        NameSourceMaliciousAntivirus DetectionReputation
                                                        https://mail.google.com/mail/?usp=installed_webappchrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1813466150.000000E403150000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1808076125.000000E403038000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817182335.000000E403474000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1804956903.000000E402B44000.00000004.00001000.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://duckduckgo.com/ac/?q=TEDGRQXB.exe, 00000002.00000002.2253894597.0000000004067000.00000004.00000020.00020000.00000000.sdmp, 8ymym7.2.dr, Web Data.14.drfalse
                                                            		high
                                                            https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditingchrome.exe, 00000006.00000002.1803600777.000000E402638000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://permanently-removed.invalid/oauth2/v2/tokeninfomsedge.exe, 0000000C.00000003.1898047324.000054B40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000C.00000003.1897911247.000054B400268000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • Avira URL Cloud: safe
                                                              		unknown
                                                              https://support.google.com/chrome/answer/6098869chrome.exe, 00000006.00000002.1823309936.0000020BBF240000.00000002.00000001.00040000.00000011.sdmpfalse
                                                                		high
                                                                https://ntp.msn.com/0000003.log9.14.drfalse
                                                                  		high
                                                                  https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=bchrome.exe, 00000006.00000002.1804622532.000000E402A04000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://docs.google.com/document/Jchrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhonechrome.exe, 00000006.00000002.1806778107.000000E402EBC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1812164870.000000E4030D4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805446280.000000E402C38000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001287000.00000004.00000020.00020000.00000000.sdmp, srq16p.2.drfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/chrome.exe, 00000006.00000002.1804986907.000000E402B6C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://deff.nelreports.net/api/report?cat=msn2cc80dabc69f58b6_0.14.dr, Reporting and NEL.16.drfalse
                                                                            		high
                                                                            https://ntp.msn.cn/edge/ntp2cc80dabc69f58b6_1.14.drfalse
                                                                              		high
                                                                              https://logly.co.jpchrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://support.google.com/chrome?p=desktop_tab_groupschrome.exe, 00000006.00000003.1778704087.000000E402738000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://dns-tunnel-check.googlezip.net/connectchrome.exe, 00000006.00000003.1742171040.000000E40327C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1816406786.000000E40327C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782541959.000000E403278000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://docs.google.com/manifest.json0.14.drfalse
                                                                                      		high
                                                                                      https://docs.google.com/document/:chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://mail.google.com/chat/chrome.exe, 00000006.00000002.1817335518.000000E4034F8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805584989.000000E402CBC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817182335.000000E403474000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1816780413.000000E40330C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://www.instagram.com53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drfalse
                                                                                            		high
                                                                                            https://dreammail.jpchrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://jkforum.netchrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://unisolated.invalid/chrome.exe, 00000006.00000002.1807686633.000000E402FD0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://a-mo.netchrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrlchrome.exe, 00000006.00000002.1823309936.0000020BBF240000.00000002.00000001.00040000.00000011.sdmpfalse
                                                                                                      		high
                                                                                                      https://www.google.com/chrome/tips/chrome.exe, 00000006.00000002.1806778107.000000E402EBC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1816596672.000000E403298000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805832845.000000E402D94000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://drive.google.com/?lfhs=2chrome.exe, 00000006.00000002.1817335518.000000E4034F8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1813717781.000000E403188000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1816780413.000000E40330C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1804956903.000000E402B44000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://duckduckgo.com/chrome_newtabv209hTEDGRQXB.exe, 00000002.00000002.2253894597.0000000004067000.00000004.00000020.00020000.00000000.sdmp, 8ymym7.2.drfalse
                                                                                                            		high
                                                                                                            https://ogs.google.com/widget/callout?eom=1chrome.exe, 00000006.00000002.1819554804.000000E403C94000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782411641.000000E4027D4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1782919121.000000E4037B0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000003.1783019918.000000E403CD0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedge53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drfalse
                                                                                                                		high
                                                                                                                http://developer.chrome.com/docs/extensions/how-to/distribute/install-extensions)chrome.exe, 00000006.00000002.1804905765.000000E402B1C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1804836631.000000E402AEC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://outlook.office.com/mail/compose?isExtension=true53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drfalse
                                                                                                                    		high
                                                                                                                    https://audienceproject.comchrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://verve.comchrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://i.y.qq.com/n2/m/index.html53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drfalse
                                                                                                                          		high
                                                                                                                          https://www.deezer.com/53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drfalse
                                                                                                                            		high
                                                                                                                            https://www.youtube.com/?feature=ytcachrome.exe, 00000006.00000002.1817335518.000000E4034F8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805186472.000000E402BAD000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1816780413.000000E40330C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1804956903.000000E402B44000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://www.google.com/chrome/browser-tools/chrome.exe, 00000006.00000002.1804986907.000000E402B6C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhonepchrome.exe, 00000006.00000002.1806778107.000000E402EBC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://csp.withgoogle.com/csp/gws/cdt1rjchrome.exe, 00000006.00000002.1802554286.000000E4022FB000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://docs.google.com/document/u/0/create?usp=chrome_actionschrome.exe, 00000006.00000002.1806723353.000000E402E8C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805675583.000000E402D24000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817946242.000000E403684000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://web.telegram.org/53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drfalse
                                                                                                                                        		high
                                                                                                                                        https://permanently-removed.invalid/oauth2/v4/tokenmsedge.exe, 0000000C.00000003.1898047324.000054B40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000C.00000003.1897911247.000054B400268000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        		unknown
                                                                                                                                        https://bluems.comchrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://docs.google.com/presentation/chrome.exe, 00000006.00000002.1817182335.000000E403474000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1816780413.000000E40330C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://chrome.google.com/webstorechrome.exe, 00000006.00000003.1782640926.000000E4034C0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1802304958.000000E402230000.00000004.00001000.00020000.00000000.sdmp, msedge.exe, 0000000C.00000002.1910203848.000054B40016C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://atomex.netchrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://cdnjs.cloudflare.com/ajax/libs/mathjax/offscreendocument_main.js.14.dr, service_worker_bin_prod.js.14.drfalse
                                                                                                                                                  		high
                                                                                                                                                  https://drive-daily-2.corp.google.com/manifest.json0.14.drfalse
                                                                                                                                                    		high
                                                                                                                                                    https://rubiconproject.comchrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/previewchrome.exe, 00000006.00000003.1784552445.000000E403E6C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://sitescout.comchrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://unitedstates1.ss.wd.microsoft.us/edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1.14.drfalse
                                                                                                                                                            		high
                                                                                                                                                            https://apex-football.comchrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=TEDGRQXB.exe, 00000002.00000002.2253894597.0000000004067000.00000004.00000020.00020000.00000000.sdmp, 8ymym7.2.dr, Web Data.14.drfalse
                                                                                                                                                                		high
                                                                                                                                                                https://usemax.dechrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://mail.google.com/chat/download?usp=chrome_defaulttorchrome.exe, 00000006.00000002.1817106303.000000E403438000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://drive-daily-1.corp.google.com/manifest.json0.14.drfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://excel.new?from=EdgeM365Shoreline53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp.14.drfalse
                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                      		unknown
                                                                                                                                                                      https://www.youtube.com/chrome.exe, 00000006.00000002.1816780413.000000E40330C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1804956903.000000E402B44000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://drive-daily-5.corp.google.com/manifest.json0.14.drfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionschrome.exe, 00000006.00000002.1806723353.000000E402E8C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805675583.000000E402D24000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817946242.000000E403684000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://eloan.co.jpchrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacychrome.exe, 00000006.00000002.1806778107.000000E402EBC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1812164870.000000E4030D4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805446280.000000E402C38000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://docs.google.com/spreadsheets/chrome.exe, 00000006.00000002.1816780413.000000E40330C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1804956903.000000E402B44000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://postrelease.comchrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://permanently-removed.invalid/chrome/blank.htmlmsedge.exe, 0000000C.00000003.1898047324.000054B40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000C.00000003.1897911247.000054B400268000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    • Avira URL Cloud: safe
                                                                                                                                                                                    		unknown
                                                                                                                                                                                    https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrlchrome.exe, 00000006.00000002.1823309936.0000020BBF240000.00000002.00000001.00040000.00000011.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://permanently-removed.invalid/v1/issuetokenmsedge.exe, 0000000C.00000003.1898047324.000054B40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000C.00000003.1897911247.000054B400268000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                                      		unknown
                                                                                                                                                                                      https://shared-storage-demo-publisher-a.web.appchrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://m.google.com/devicemanagement/data/apichrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://permanently-removed.invalid/reauth/v1beta/users/msedge.exe, 0000000C.00000003.1898047324.000054B40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000C.00000003.1897911247.000054B400268000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                                                          		unknown
                                                                                                                                                                                          https://docs.google.com/presentation/u/0/create?usp=chrome_actionschrome.exe, 00000006.00000002.1806723353.000000E402E8C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1805675583.000000E402D24000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000006.00000002.1817946242.000000E403684000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&refTEDGRQXB.exe, 00000002.00000002.2252794220.0000000001287000.00000004.00000020.00020000.00000000.sdmp, srq16p.2.drfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://chromewebstore.google.com/chrome.exe, 00000006.00000002.1802304958.000000E402230000.00000004.00001000.00020000.00000000.sdmp, msedge.exe, 0000000C.00000002.1910203848.000054B40016C000.00000004.00000800.00020000.00000000.sdmp, manifest.json.14.drfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://demand.supplychrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://drive-preprod.corp.google.com/manifest.json0.14.drfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://srtb.msn.cn/2cc80dabc69f58b6_1.14.drfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477TEDGRQXB.exe, 00000002.00000002.2252794220.0000000001287000.00000004.00000020.00020000.00000000.sdmp, srq16p.2.drfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        https://nexxen.techchrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          https://chrome.google.com/webstore/manifest.json.14.drfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            https://assets.msn.cn/resolver/2cc80dabc69f58b6_1.14.drfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              https://clients4.google.com/chrome-syncchrome.exe, 00000006.00000002.1803110873.000000E402414000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                https://gemini.google.com/app?q=chrome.exe, 00000006.00000002.1807364281.000000E402F8C000.00000004.00001000.00020000.00000000.sdmp, 8ymym7.2.drfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  https://undertone.comchrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    https://browser.events.data.msn.com/2cc80dabc69f58b6_1.14.drfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      https://creative-serving.comchrome.exe, 00000006.00000002.1808076125.000000E40304D000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                        https://permanently-removed.invalid/RotateBoundCookiesmsedge.exe, 0000000C.00000003.1898047324.000054B40026C000.00000004.00000800.00020000.00000000.sdmp, msedge.exe, 0000000C.00000003.1897911247.000054B400268000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                                                                        		unknown

                                                                                                                                                                                                                        World Map of Contacted IPs

                                                                                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                                                                                        • 75% < No. of IPs

                                                                                                                                                                                                                        Public IPs

                                                                                                                                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                        23.44.201.15
                                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                                        		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                        23.200.0.151
                                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                                        		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                        2.22.242.11
                                                                                                                                                                                                                        		a416.dscd.akamai.netEuropean Union
                                                                                                                                                                                                                        		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                        23.219.82.97
                                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                                        		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                        149.154.167.99
                                                                                                                                                                                                                        		t.meUnited Kingdom
                                                                                                                                                                                                                        		62041TELEGRAMRUfalse
                                                                                                                                                                                                                        78.47.63.132
                                                                                                                                                                                                                        		t.formaxprime.co.ukGermany
                                                                                                                                                                                                                        		24940HETZNER-ASDEtrue
                                                                                                                                                                                                                        142.250.185.225
                                                                                                                                                                                                                        		googlehosted.l.googleusercontent.comUnited States
                                                                                                                                                                                                                        		15169GOOGLEUSfalse
                                                                                                                                                                                                                        162.159.61.3
                                                                                                                                                                                                                        		chrome.cloudflare-dns.comUnited States
                                                                                                                                                                                                                        		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                                                        104.208.16.92
                                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                                        		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                        23.209.72.39
                                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                                        		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                        18.164.124.98
                                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                                        		3MIT-GATEWAYSUSfalse
                                                                                                                                                                                                                        20.110.205.119
                                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                                        		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                        204.79.197.219
                                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                                        		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                                                                                        92.123.104.33
                                                                                                                                                                                                                        		unknownEuropean Union
                                                                                                                                                                                                                        		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                        142.250.184.196
                                                                                                                                                                                                                        		www.google.comUnited States
                                                                                                                                                                                                                        		15169GOOGLEUSfalse
                                                                                                                                                                                                                        23.219.82.49
                                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                                        		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                        23.219.82.88
                                                                                                                                                                                                                        		unknownUnited States
                                                                                                                                                                                                                        		20940AKAMAI-ASN1EUfalse
                                                                                                                                                                                                                        239.255.255.250
                                                                                                                                                                                                                        		unknownReserved
                                                                                                                                                                                                                        		unknownunknownfalse
                                                                                                                                                                                                                        204.79.197.203
                                                                                                                                                                                                                        		a-0003.a-msedge.netUnited States
                                                                                                                                                                                                                        		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

                                                                                                                                                                                                                        Private

                                                                                                                                                                                                                        IP
                                                                                                                                                                                                                        192.168.2.16
                                                                                                                                                                                                                        192.168.2.6
                                                                                                                                                                                                                        192.168.2.5
                                                                                                                                                                                                                        127.0.0.1

                                                                                                                                                                                                                        General Information

                                                                                                                                                                                                                        Joe Sandbox version:42.0.0 Malachite
                                                                                                                                                                                                                        Analysis ID:1635763
                                                                                                                                                                                                                        Start date and time:2025-03-11 23:58:16 +01:00
                                                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                        Overall analysis duration:0h 7m 13s
                                                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                        Report type:full
                                                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                        Number of analysed new started processes analysed:30
                                                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                                                        Technologies:
                                                                                                                                                                                                                        • HCA enabled
                                                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                                                        Sample name:TEDGRQXB.exe
                                                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                                                        Classification:mal100.troj.spyw.evad.winEXE@73/269@16/23
                                                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                                                                                        HCA Information:
                                                                                                                                                                                                                        • Successful, ratio: 96%
                                                                                                                                                                                                                        • Number of executed functions: 25
                                                                                                                                                                                                                        • Number of non-executed functions: 134
                                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                                        • Found application associated with file extension: .exe

                                                                                                                                                                                                                        Warnings

                                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                        • Excluded IPs from analysis (whitelisted): 142.250.181.238, 142.250.184.195, 66.102.1.84, 142.250.185.78, 142.250.185.238, 142.250.186.99, 216.58.206.46, 13.107.42.16, 204.79.197.239, 13.107.21.239, 142.250.184.206, 13.107.6.158, 51.137.3.145, 142.251.163.94, 142.251.167.94, 95.100.70.200, 4.245.163.56, 150.171.28.10, 184.86.251.22, 20.12.23.50, 20.190.159.73, 23.44.201.144, 13.107.246.40, 65.52.241.40, 23.200.3.7
                                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, config.edge.skype.com.trafficmanager.net, edge-domain.trafficmanager.net, slscr.update.microsoft.com, data-edge.smartscreen.microsoft.com, img-s-msn-com.akamaized.net, clientservices.googleapis.com, g.bing.com, clients2.google.com, redirector.gvt1.com, config-edge-skype.l-0007.l-msedge.net, login.live.com, msedge.b.tlu.dl.delivery.mp.microsoft.com, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, prod-agic-we-2.westeurope.cloudapp.azure.com, fs.microsoft.com, accounts.google.com, b-0005.b-msedge.net, prod-atm-wds-edge.trafficmanager.net, edge.microsoft.com, business-bing-com.b-0005.b-msedge.net, fe3cr.delivery.mp.microsoft.com, l-0007.config.skype.com, c.bing.com, edgeassetservice.azureedge.net, business.bing.com, clients.l.google.com, msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com, dual-a-0036.a-msedge.net
                                                                                                                                                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtWriteFile calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                                                                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                                                                                                                        Simulations

                                                                                                                                                                                                                        Behavior and APIs

                                                                                                                                                                                                                        No simulations

                                                                                                                                                                                                                        Joe Sandbox View / Context

                                                                                                                                                                                                                        IPs

                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                        23.44.201.15Sryxen-Built.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          F2024065877 (1).htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            HFONAfX2aC.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                              Purchase_Agreement_1020036.pdf.lnk.bin.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                                                                                                                                                                                                                  file.exeGet hashmaliciousBabadedaBrowse
                                                                                                                                                                                                                                    https://www.bing.com/search?q=%e8%8f%af%e7%a2%a9+TUF+GAMING+B760M-PLUS+WIFI%e4%b8%bb%e6%a9%9f%e6%9d%bf&cvid=8ed3431d674542bbaed6934068e7242d&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIGCAEQABhAMgYIAhAAGEAyBggDEAAYQDIGCAQQABhAMgYIBRAAGEAyBggGEAAYQDIGCAcQABhAMgYICBAAGEAyBwgJEEUY_FXSAQgxMDUwajBqNKgCALACAA&PC=U531&FPIG=7973DC1DA237417B95A39D883F2961E8&first=121&FORM=PERE2Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                      2.22.242.11f1215469392.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                        Sryxen-Built.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                          thUKanu6GD.lnkGet hashmaliciousHTMLPhisher, MalLnkBrowse
                                                                                                                                                                                                                                            https://www.flipsnack.com/859EECFF8D6/distribution-agreement/full-view.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                              https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck@you.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                09.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                                                                  95.msiGet hashmaliciousRedLineBrowse
                                                                                                                                                                                                                                                    SecuriteInfo.com.Trojan.Inject5.17530.4675.11921.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                      windows.ps1Get hashmaliciousPureLog Stealer, VidarBrowse
                                                                                                                                                                                                                                                        https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiyGet hashmaliciousHTMLPhisher, Tycoon2FABrowse
                                                                                                                                                                                                                                                          23.219.82.97StarlingphysiciansSMKB478467348838.rtfGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            149.154.167.99http://45.142.208.144.sslip.io/blog/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • telegram.org/img/emoji/40/F09F9889.png
                                                                                                                                                                                                                                                            http://xn--r1a.website/s/ogorodruGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • telegram.org/img/favicon.ico
                                                                                                                                                                                                                                                            http://cryptorabotakzz.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • telegram.org/
                                                                                                                                                                                                                                                            http://cache.netflix.com.id1.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
                                                                                                                                                                                                                                                            http://investors.spotify.com.sg2.wuush.us.kg/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • telegram.org/
                                                                                                                                                                                                                                                            http://bekaaviator.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • telegram.org/
                                                                                                                                                                                                                                                            http://telegramtw1.org/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • telegram.org/?setln=pl
                                                                                                                                                                                                                                                            http://makkko.kz/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • telegram.org/
                                                                                                                                                                                                                                                            http://telegram.dogGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • telegram.dog/
                                                                                                                                                                                                                                                            LnSNtO8JIa.exeGet hashmaliciousCinoshi StealerBrowse
                                                                                                                                                                                                                                                            • t.me/cinoshibot

                                                                                                                                                                                                                                                            Domains

                                                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                            t.meNexol.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                                            biyhoksefdad.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                                            YuQuLoader.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                                            Aura.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                                            publicpublicpublic.xll.ps1Get hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                                            http://support.ec2-amazonaws.net?incident=RofwZT0Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 51.103.246.168
                                                                                                                                                                                                                                                            Malware.zipGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                                            External2.4.exe1.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                                            Loader.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                                            Superority.exe1.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                                            chrome.cloudflare-dns.comSecuriteInfo.com.Trojan.InstallCore.4099.24415.17034.exeGet hashmaliciousPrivateLoaderBrowse
                                                                                                                                                                                                                                                            • 162.159.61.3
                                                                                                                                                                                                                                                            f1215887448.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 172.64.41.3
                                                                                                                                                                                                                                                            f468369488.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 162.159.61.3
                                                                                                                                                                                                                                                            f492136216_mpengine_dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 172.64.41.3
                                                                                                                                                                                                                                                            Sryxen-Built.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 172.64.41.3
                                                                                                                                                                                                                                                            Sryxen-Built.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 172.64.41.3
                                                                                                                                                                                                                                                            f38186770bffa4a12a7170942b9c0d71ac736142924da24a.ps1Get hashmaliciousRHADAMANTHYSBrowse
                                                                                                                                                                                                                                                            • 162.159.61.3
                                                                                                                                                                                                                                                            thUKanu6GD.lnkGet hashmaliciousHTMLPhisher, MalLnkBrowse
                                                                                                                                                                                                                                                            • 162.159.61.3
                                                                                                                                                                                                                                                            file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                            • 172.64.41.3
                                                                                                                                                                                                                                                            ADFoyxP.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 172.64.41.3
                                                                                                                                                                                                                                                            a416.dscd.akamai.netf468369488.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 2.16.164.33
                                                                                                                                                                                                                                                            f1215469392.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 2.22.242.11
                                                                                                                                                                                                                                                            Sryxen-Built.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 2.22.242.105
                                                                                                                                                                                                                                                            Sryxen-Built.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 2.22.242.11
                                                                                                                                                                                                                                                            thUKanu6GD.lnkGet hashmaliciousHTMLPhisher, MalLnkBrowse
                                                                                                                                                                                                                                                            • 2.22.242.11
                                                                                                                                                                                                                                                            file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                            • 2.22.242.105
                                                                                                                                                                                                                                                            LtCPevm69G.exeGet hashmaliciousAmadey, Credential Flusher, LummaC Stealer, Poverty Stealer, PureLog Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                            • 2.22.242.105
                                                                                                                                                                                                                                                            ADFoyxP.exeGet hashmaliciousKeyLogger, StormKitty, VenomRATBrowse
                                                                                                                                                                                                                                                            • 2.22.242.105
                                                                                                                                                                                                                                                            https://www.flipsnack.com/859EECFF8D6/distribution-agreement/full-view.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 2.22.242.11
                                                                                                                                                                                                                                                            https://zsharepointonlinems.mysteriousroutes.it.com/kOPeS/#fuck@you.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 2.22.242.11
                                                                                                                                                                                                                                                            a-0003.a-msedge.netN4533DWG.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                            • 204.79.197.203
                                                                                                                                                                                                                                                            f1215887448.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 204.79.197.203
                                                                                                                                                                                                                                                            N4533DWG.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                            • 204.79.197.203
                                                                                                                                                                                                                                                            f1215469392.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 204.79.197.203
                                                                                                                                                                                                                                                            f492136216_mpengine_dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 204.79.197.203
                                                                                                                                                                                                                                                            Sryxen-Built.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 204.79.197.203
                                                                                                                                                                                                                                                            Sryxen-Built.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 204.79.197.203
                                                                                                                                                                                                                                                            start.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 204.79.197.203
                                                                                                                                                                                                                                                            jki-dragon-release-online-setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 204.79.197.203
                                                                                                                                                                                                                                                            file.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                                                                            • 204.79.197.203

                                                                                                                                                                                                                                                            ASNs

                                                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                            AKAMAI-ASN1EUNexol.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                            • 23.197.127.21
                                                                                                                                                                                                                                                            https://rebrand.ly/1bbw71eGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 104.124.11.19
                                                                                                                                                                                                                                                            https://zatp6ncab.cc.rs6.net/tn.jsp?f=001cxnICqQ2JvPHh68sPy67JcA12wTozyZ6tUXkt2fZXwkdUYMtwupLT-S4xl9B8jrFTN2ypT6neP3NkCtT6T7jkLznqRZuYP8GDL9GeN2eBUzFDN-0RDFO77xH2Hs1dfopzmnxZo5nnmpQ5j86V7OAlkc5LTVsDC46&c=fACjGJy843O2qLhy_EDw1tXsObaS44Oax9jWi5hSnXgO6cOpWOdvvQ==&ch=uDRbqb-h-hxGIaPgl5mPd8lWnKQdGcMqD3sNOjiafZx2mj0NMDi8Mw==Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 23.15.178.139
                                                                                                                                                                                                                                                            SecureMessageatt.svgGet hashmaliciousPhisherBrowse
                                                                                                                                                                                                                                                            • 2.19.96.57
                                                                                                                                                                                                                                                            #U25baPlay_VM-NowATTT0003.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 95.101.182.112
                                                                                                                                                                                                                                                            Play Voicemail Transcription. (387.KB).svgGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 2.16.100.176
                                                                                                                                                                                                                                                            http://www.whbm.com:9001/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 23.197.125.187
                                                                                                                                                                                                                                                            https://start.scholarsapply.org/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 72.247.154.153
                                                                                                                                                                                                                                                            http://a6691cd0-2aca-4f5d-b954-fae129580e64.ciamlogin.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 88.221.110.82
                                                                                                                                                                                                                                                            https://site-xtxg5.powerappsportals.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 95.101.182.65
                                                                                                                                                                                                                                                            AKAMAI-ASN1EUNexol.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                            • 23.197.127.21
                                                                                                                                                                                                                                                            https://rebrand.ly/1bbw71eGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 104.124.11.19
                                                                                                                                                                                                                                                            https://zatp6ncab.cc.rs6.net/tn.jsp?f=001cxnICqQ2JvPHh68sPy67JcA12wTozyZ6tUXkt2fZXwkdUYMtwupLT-S4xl9B8jrFTN2ypT6neP3NkCtT6T7jkLznqRZuYP8GDL9GeN2eBUzFDN-0RDFO77xH2Hs1dfopzmnxZo5nnmpQ5j86V7OAlkc5LTVsDC46&c=fACjGJy843O2qLhy_EDw1tXsObaS44Oax9jWi5hSnXgO6cOpWOdvvQ==&ch=uDRbqb-h-hxGIaPgl5mPd8lWnKQdGcMqD3sNOjiafZx2mj0NMDi8Mw==Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 23.15.178.139
                                                                                                                                                                                                                                                            SecureMessageatt.svgGet hashmaliciousPhisherBrowse
                                                                                                                                                                                                                                                            • 2.19.96.57
                                                                                                                                                                                                                                                            #U25baPlay_VM-NowATTT0003.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 95.101.182.112
                                                                                                                                                                                                                                                            Play Voicemail Transcription. (387.KB).svgGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 2.16.100.176
                                                                                                                                                                                                                                                            http://www.whbm.com:9001/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 23.197.125.187
                                                                                                                                                                                                                                                            https://start.scholarsapply.org/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 72.247.154.153
                                                                                                                                                                                                                                                            http://a6691cd0-2aca-4f5d-b954-fae129580e64.ciamlogin.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 88.221.110.82
                                                                                                                                                                                                                                                            https://site-xtxg5.powerappsportals.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 95.101.182.65
                                                                                                                                                                                                                                                            AKAMAI-ASN1EUNexol.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                            • 23.197.127.21
                                                                                                                                                                                                                                                            https://rebrand.ly/1bbw71eGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 104.124.11.19
                                                                                                                                                                                                                                                            https://zatp6ncab.cc.rs6.net/tn.jsp?f=001cxnICqQ2JvPHh68sPy67JcA12wTozyZ6tUXkt2fZXwkdUYMtwupLT-S4xl9B8jrFTN2ypT6neP3NkCtT6T7jkLznqRZuYP8GDL9GeN2eBUzFDN-0RDFO77xH2Hs1dfopzmnxZo5nnmpQ5j86V7OAlkc5LTVsDC46&c=fACjGJy843O2qLhy_EDw1tXsObaS44Oax9jWi5hSnXgO6cOpWOdvvQ==&ch=uDRbqb-h-hxGIaPgl5mPd8lWnKQdGcMqD3sNOjiafZx2mj0NMDi8Mw==Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 23.15.178.139
                                                                                                                                                                                                                                                            SecureMessageatt.svgGet hashmaliciousPhisherBrowse
                                                                                                                                                                                                                                                            • 2.19.96.57
                                                                                                                                                                                                                                                            #U25baPlay_VM-NowATTT0003.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 95.101.182.112
                                                                                                                                                                                                                                                            Play Voicemail Transcription. (387.KB).svgGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 2.16.100.176
                                                                                                                                                                                                                                                            http://www.whbm.com:9001/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 23.197.125.187
                                                                                                                                                                                                                                                            https://start.scholarsapply.org/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 72.247.154.153
                                                                                                                                                                                                                                                            http://a6691cd0-2aca-4f5d-b954-fae129580e64.ciamlogin.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 88.221.110.82
                                                                                                                                                                                                                                                            https://site-xtxg5.powerappsportals.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 95.101.182.65
                                                                                                                                                                                                                                                            AKAMAI-ASN1EUNexol.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                                                            • 23.197.127.21
                                                                                                                                                                                                                                                            https://rebrand.ly/1bbw71eGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 104.124.11.19
                                                                                                                                                                                                                                                            https://zatp6ncab.cc.rs6.net/tn.jsp?f=001cxnICqQ2JvPHh68sPy67JcA12wTozyZ6tUXkt2fZXwkdUYMtwupLT-S4xl9B8jrFTN2ypT6neP3NkCtT6T7jkLznqRZuYP8GDL9GeN2eBUzFDN-0RDFO77xH2Hs1dfopzmnxZo5nnmpQ5j86V7OAlkc5LTVsDC46&c=fACjGJy843O2qLhy_EDw1tXsObaS44Oax9jWi5hSnXgO6cOpWOdvvQ==&ch=uDRbqb-h-hxGIaPgl5mPd8lWnKQdGcMqD3sNOjiafZx2mj0NMDi8Mw==Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 23.15.178.139
                                                                                                                                                                                                                                                            SecureMessageatt.svgGet hashmaliciousPhisherBrowse
                                                                                                                                                                                                                                                            • 2.19.96.57
                                                                                                                                                                                                                                                            #U25baPlay_VM-NowATTT0003.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 95.101.182.112
                                                                                                                                                                                                                                                            Play Voicemail Transcription. (387.KB).svgGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 2.16.100.176
                                                                                                                                                                                                                                                            http://www.whbm.com:9001/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 23.197.125.187
                                                                                                                                                                                                                                                            https://start.scholarsapply.org/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 72.247.154.153
                                                                                                                                                                                                                                                            http://a6691cd0-2aca-4f5d-b954-fae129580e64.ciamlogin.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 88.221.110.82
                                                                                                                                                                                                                                                            https://site-xtxg5.powerappsportals.com/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                            • 95.101.182.65

                                                                                                                                                                                                                                                            JA3 Fingerprints

                                                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                            37f463bf4616ecd445d4a1937da06e19Setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                                            • 78.47.63.132
                                                                                                                                                                                                                                                            scripthook.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                                            • 78.47.63.132
                                                                                                                                                                                                                                                            1776871603.exeGet hashmaliciousClipboard HijackerBrowse
                                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                                            • 78.47.63.132
                                                                                                                                                                                                                                                            MG710417.exeGet hashmaliciousAzorultBrowse
                                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                                            • 78.47.63.132
                                                                                                                                                                                                                                                            RFQ.exeGet hashmaliciousDarkCloudBrowse
                                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                                            • 78.47.63.132
                                                                                                                                                                                                                                                            PAGOS RETRASADOS.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                                            • 78.47.63.132
                                                                                                                                                                                                                                                            N4533DWG.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                                            • 78.47.63.132
                                                                                                                                                                                                                                                            rDatosbancarios.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                                                                                                                                                            • 149.154.167.99
                                                                                                                                                                                                                                                            • 78.47.63.132

                                                                                                                                                                                                                                                            Dropped Files

                                                                                                                                                                                                                                                            No context

                                                                                                                                                                                                                                                            Created / dropped Files

                                                                                                                                                                                                                                                            C:\ProgramData\9h4wb\26fuaa

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\TEDGRQXB.exe
                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):98304
                                                                                                                                                                                                                                                            Entropy (8bit):0.08235737944063153
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                                                                                                                            MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                                                                                                                            SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                                                                                                                            SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                                                                                                                            SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\ProgramData\9h4wb\3e3op8qim

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\TEDGRQXB.exe
                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 2, database pages 20, cookie 0xc, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):40960
                                                                                                                                                                                                                                                            Entropy (8bit):0.8616778647394084
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:pMtA+IIkCVEq8Ma0D0HOlf/6ykwpLf/UUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:pOCCn8MouB6w9f/MiZqmvJKLPeymwil
                                                                                                                                                                                                                                                            MD5:BDDE4AD11E732420E7ABCCA946B11611
                                                                                                                                                                                                                                                            SHA1:278C3386A37BAFCA507CF4C128600B01B312DDA0
                                                                                                                                                                                                                                                            SHA-256:099AB6B902097361832FC2485E96C71C827E722FA74C09C7D08DCE9091094C1D
                                                                                                                                                                                                                                                            SHA-512:B29061A507FCAE2CB56155C5C911706E60C798D288968B210A1670C0F0D1D3F7B3B2B2919B946FED47C4975B157A56B557F71AE80A427C85C660F6B37153C9E8
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................zp....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\ProgramData\9h4wb\7yc2no

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\TEDGRQXB.exe
                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3046000, file counter 2, database pages 41, 1st free page 29, free pages 1, cookie 0x25, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):196608
                                                                                                                                                                                                                                                            Entropy (8bit):0.45909911068154247
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:96:OpdTxQ+ALqL/uejzH+bF+UIYysX0lj/twfLyl0e9S8E:OpdT7IqL/tH+bF+UI3i67Kylj9
                                                                                                                                                                                                                                                            MD5:89783266A93C429FCFB9CE049053FCCD
                                                                                                                                                                                                                                                            SHA1:AC70D1404CB8588DBB685165154CA6FD01942CCE
                                                                                                                                                                                                                                                            SHA-256:AF2420C3F982037DA346ACB0722E54A466547DCCFC54C44EA84FBC1401DC15BC
                                                                                                                                                                                                                                                            SHA-512:BD3C480D62EDF9CA8F23BB17E39405E9EE2EE705EEE832F738D4C3AE5C16E3317A1822C07373CB49A8E704B3DA3D7BDC95544208C1C369322E7F8CE2E2DE93CF
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ .......)...........%......................................................zp....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\ProgramData\9h4wb\8qiekn

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\TEDGRQXB.exe
                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 9, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):196608
                                                                                                                                                                                                                                                            Entropy (8bit):1.1213059433085482
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:384:KdM2qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:Kvq+n0E9ELyKOMq+8y9/Ow
                                                                                                                                                                                                                                                            MD5:52AEDF324F11D74BC4F73AEF0E23C283
                                                                                                                                                                                                                                                            SHA1:DEA533B547EABC60188397B8246E7FD5985E2D74
                                                                                                                                                                                                                                                            SHA-256:8724C6792B6F4274CD459138FBCCE1C8BBB38A3D4DBF6508A5E0C5314BC01730
                                                                                                                                                                                                                                                            SHA-512:5058C8351FBACEB3136978BC415A810ED2CEF5BA00B1342DEC6FDDFC8E9A301DBC775BA6EB5544E323003BA50F7B26BE95B48A3224616E0C7C896D3550E3BF34
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\ProgramData\9h4wb\8ymym7

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\TEDGRQXB.exe
                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3046000, page size 2048, file counter 5, database pages 68, cookie 0x4a, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):139264
                                                                                                                                                                                                                                                            Entropy (8bit):1.1357727439169438
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:192:ulsfoVZkNi61n1ulH5LpX60pjjrVuHnPqfPk:ulsfoQx1n1ulH5lNpvrVuHnPqfM
                                                                                                                                                                                                                                                            MD5:4000172BFE82B4E6FB8F9462E4331DD8
                                                                                                                                                                                                                                                            SHA1:D002133B638550C67E05D3712B8490737121AC85
                                                                                                                                                                                                                                                            SHA-256:9D3F547662D67FF17A1943CA5FD55CD6E680968319ACD8FA0D9040B000833D98
                                                                                                                                                                                                                                                            SHA-512:B8D1331D5E306E80C6B0F8B9C3A29F507F9EAA2BFAD9DC59D77F10E63971CB038ED28228873F8B04FCAE2AC05FE401637EB0745DD3F27814B921167743BE8CD9
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ .......D...........J......................................................zp...........<........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\ProgramData\9h4wb\jmyu37

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\TEDGRQXB.exe
                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 32768, file counter 2, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):294912
                                                                                                                                                                                                                                                            Entropy (8bit):0.08438200565341271
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:192:5va0zkVmvQhyn+Zoz679fqlQbGhMHPaVAL23v4U:51zkVmvQhyn+Zoz67NU
                                                                                                                                                                                                                                                            MD5:F7EEE7B0D281E250D1D8E36486F5A2C3
                                                                                                                                                                                                                                                            SHA1:309736A27E794672BD1BDFBAC69B2C6734FC25CE
                                                                                                                                                                                                                                                            SHA-256:378DD46FE8A8AAC2C430AE8A7C5C1DC3C2A343534A64A263EC9A4F1CE801985E
                                                                                                                                                                                                                                                            SHA-512:CE102A41CA4E2A27CCB27F415D2D69A75A0058BA0F600C23F63B89F30FFC982BA48336140714C522B46CC6D13EDACCE3DF0D6685D02844B8DB0AD3378DB9CABB
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j......z<.{...{.{a{.z.z<z.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\ProgramData\9h4wb\m79rq1vs0

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\TEDGRQXB.exe
                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):51200
                                                                                                                                                                                                                                                            Entropy (8bit):0.8746135976761988
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                                                                                                                                                                                                            MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                                                                                                                                                                                                            SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                                                                                                                                                                                                            SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                                                                                                                                                                                                            SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\ProgramData\9h4wb\phlfc2

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\TEDGRQXB.exe
                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):155648
                                                                                                                                                                                                                                                            Entropy (8bit):0.5407252242845243
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                                                                                                                                                                                                            MD5:7B955D976803304F2C0505431A0CF1CF
                                                                                                                                                                                                                                                            SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                                                                                                                                                                                                            SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                                                                                                                                                                                                            SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\ProgramData\9h4wb\srq16p

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\TEDGRQXB.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):9504
                                                                                                                                                                                                                                                            Entropy (8bit):5.512408163813622
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
                                                                                                                                                                                                                                                            MD5:1191AEB8EAFD5B2D5C29DF9B62C45278
                                                                                                                                                                                                                                                            SHA1:584A8B78810AEE6008839EF3F1AC21FD5435B990
                                                                                                                                                                                                                                                            SHA-256:0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
                                                                                                                                                                                                                                                            SHA-512:86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\04cf934f-43a1-4920-bca3-7be215d55d0e.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):32627
                                                                                                                                                                                                                                                            Entropy (8bit):6.044608253487927
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:mMkbJ6eg6KzhXRLtkY9lBJuRhDO6vP6Oq3c5ihpgX6R1CAos:mMk16zRRSY9lP6I1pbLRos
                                                                                                                                                                                                                                                            MD5:673E493CFB312FBBE68C33A3DA967E37
                                                                                                                                                                                                                                                            SHA1:19B9CFD1862203EB5971E99F85096788DA03E6D5
                                                                                                                                                                                                                                                            SHA-256:7AEC97939F09C3DEF4A988B907549E87CB3FDF7CE42470B37D9B59751777270C
                                                                                                                                                                                                                                                            SHA-512:8DCE7D326C619A3D79050E1D1D51A1A3966D5E1F626DDE53AEBF4FCAC6C395FF652D32868BDD313FAEFD1192044EBAEB842419CAE62CDC8CD1B8DDE625646812
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\1278c174-9ed9-4795-b713-45013a867b78.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):41620
                                                                                                                                                                                                                                                            Entropy (8bit):6.091575256515503
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBBFunhDO6vP6OBWc/vK2LGoup1Xl3jVzXr4CCAo7d:z/Ps+wsI7ynEb6Phu3VlXr4CRo5
                                                                                                                                                                                                                                                            MD5:FF85F7768A41559D6C55C0DFA2AB321B
                                                                                                                                                                                                                                                            SHA1:09A1FFC6C94BE75F2314852C2B41C9620A40D84A
                                                                                                                                                                                                                                                            SHA-256:A63E36051B1D30312BC7070384EEAC29EC7B197ACBB89432890C9AE1E2A82FC8
                                                                                                                                                                                                                                                            SHA-512:FAEAB74949908C1A7FB679FA4B1A05F9035EDD2CFD16103598975D42728D3E54C512A38503B4F8695A088B828B94FE44D94672359C6EB148C26819E4D1C06C9C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\630a5dc1-55ad-46f0-af24-854f9d85dbd3.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):42497
                                                                                                                                                                                                                                                            Entropy (8bit):6.093327456132183
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xkBUFuUhDO6vP6Oq3x5ihcGoup1Xl3jVzXr4CCAo7d:z/Ps+wsI7yOEh6IQchu3VlXr4CRo5
                                                                                                                                                                                                                                                            MD5:61399B60702C35DBFB9485F15A8ECF22
                                                                                                                                                                                                                                                            SHA1:BC8D644FFAAA42B094EE533788F040B9B0B61CBE
                                                                                                                                                                                                                                                            SHA-256:D6434FF6D02ACE6317EED345CC63B8E6489D175297E42D8687C82BC58721BBBD
                                                                                                                                                                                                                                                            SHA-512:5605401589A5FB47909304D439D4A48B1A1E3F5BEDE3B726C5816B6C3BD9905749080FF151548CB968A1FCDA2F3ECEE76A62A1B3AD9C9D61E9579F83F20A77A8
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\706b18e4-09f8-4a5e-87f8-e3c69f8aa190.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):42399
                                                                                                                                                                                                                                                            Entropy (8bit):6.092586329984806
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBPFuUhDO6vP6Oq35b8tcGoup1Xl3jVzXr4CCAo7d:z/Ps+wsI7ynE26IEchu3VlXr4CRo5
                                                                                                                                                                                                                                                            MD5:1C72EC9E2DFDBDEB2E7E5B16C0E27B24
                                                                                                                                                                                                                                                            SHA1:19499D3272EA1BB0CBA66EFC4013B8172AACDD7A
                                                                                                                                                                                                                                                            SHA-256:7EEB1C84167CD53BC313F01999E5034CDD1B96C3133F537F14608574F578A5BA
                                                                                                                                                                                                                                                            SHA-512:05C80B92ED7CBD726BBCF58ABFC756EE448B861FE793238891AC7C354E16D5EA35627B2D3A20B883B311C2A189FF74B7B714C4C3A8A9205DF0C7F475DD75EFAA
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\89f65ad3-5dcd-4ee1-a55e-f4cadea2dde0.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):18193
                                                                                                                                                                                                                                                            Entropy (8bit):5.716560644871433
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:384:98Ni7zcH6TVuD9hamJfk6vP6OIN3c8N5ih/qQ9CbMoqRuX8B1s3:99PlJuRhDO6vP6Oq3x5ih7CAo/
                                                                                                                                                                                                                                                            MD5:E4E082D2E9E5841D4AE7FA55E5A4AB50
                                                                                                                                                                                                                                                            SHA1:3511896B995C038D437BBD8975B75028B266C3EE
                                                                                                                                                                                                                                                            SHA-256:497D8939F8EF3F8E426F9B79C57861ED170D0A725DEB4FB34246D41BAB69FB8B
                                                                                                                                                                                                                                                            SHA-512:D12A3F5FE3DFDEF3DD29C44A2A34985EF8E2237651CB66A8B7F0FAFC1341E61BA72F29EF895814F573D453913E6775C28F112313805B83DF1A384FDC907BE3DC
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAAMAAAAAAAAAAAA=","dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"perf_center":{"efficiency_mode_v2_is_active":false,"perf_game_mode":true,"performance_mode":3,"performance_mode_is_on":false},"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"edge_ci":{"metrics_bookmark":"\u003CBookmarkList Direction='backward'>\r\n\u003C/BookmarkList>","num_healthy_bro

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\944acee9-1da9-4d14-9009-c7dc209cde6f.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                            Size (bytes):42399
                                                                                                                                                                                                                                                            Entropy (8bit):6.092586329984806
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBPFuUhDO6vP6Oq35b8tcGoup1Xl3jVzXr4CCAo7d:z/Ps+wsI7ynE26IEchu3VlXr4CRo5
                                                                                                                                                                                                                                                            MD5:1C72EC9E2DFDBDEB2E7E5B16C0E27B24
                                                                                                                                                                                                                                                            SHA1:19499D3272EA1BB0CBA66EFC4013B8172AACDD7A
                                                                                                                                                                                                                                                            SHA-256:7EEB1C84167CD53BC313F01999E5034CDD1B96C3133F537F14608574F578A5BA
                                                                                                                                                                                                                                                            SHA-512:05C80B92ED7CBD726BBCF58ABFC756EE448B861FE793238891AC7C354E16D5EA35627B2D3A20B883B311C2A189FF74B7B714C4C3A8A9205DF0C7F475DD75EFAA
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\99f65b82-5a2f-456e-867c-5b61ab68ee00.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):32550
                                                                                                                                                                                                                                                            Entropy (8bit):6.045064645834551
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:mMkbJ6eg6KzhXRLtkV9lBJuRhDO6vP6Oq3x5ihpgX6R1CAos:mMk16zRRSV9lP6IQpbLRos
                                                                                                                                                                                                                                                            MD5:A6BBC1F9350406419A716716D4CFD41E
                                                                                                                                                                                                                                                            SHA1:1F3054BB2DA411E92485C1661D4C3285D9E70C1B
                                                                                                                                                                                                                                                            SHA-256:E9C6D5F711D56528E5CD929481CF1878F848065F5A6F276CFDB968DF73BE0E3F
                                                                                                                                                                                                                                                            SHA-512:17C187C7DBC17FC1F80D9D73D56A834AD8DF31C5E320F1D65ECBB95EA825C2E4D6688B18BF7F2CBD2BD0658912995655D207811897733FD5B0670C6B143D0170
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL1dWZPktpH+KxP9ZDtU6GMujfykHY9txVpHyHIoYh2ODhBEkWiCAAdHVbEc/u+bCVb1dE8RqEqOdh806mbzw8VEXshM/PuKb27vha2luF9LHqKT96KVoru3G+mcquXVN/++4sOgleBBWeOvvvnn4YGs7wcLz8erb65+HMKPMVx9dVXbnisDT4wMa612TNj+6j9fUSA+xFpZPyH/9dVVQig59Wx4L5+Cwzjg799ubt/jJP48zeE9TuHwDjYBc/Ew+Ktvbv/z1ZWoe+rsjB4/7Abr5U+ajz9LXo9Px+21Mk1hoo/oX6HHjTLyKTjYyMJmCbLnO/hZMpjFAjSvxOIhbxgi5FK85m+ZCkuQu7UyKoxLO97yIFoYvbAluiw2oRoYgIQ2nG2AqJY2U+koRXQbbMm3fMsEX9JMK3GLbeAvNjhrlo5GOJiTA/oXLTdG6qXtmMBDiyS59PvY7eCklyb4QcfFi7tpdwu3VBt1XNorvM4+RiU6+CjD0kb+pHz7rRm3rXSyzABnWdKBG+Ijlx7hEE4QTzo+AB6fnDLLJBpo7PKv8Ob367/KjUg

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\7647adaa-bf39-4667-8cbe-098123195135.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):107893
                                                                                                                                                                                                                                                            Entropy (8bit):4.640137257437767
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7l:fwUQC5VwBIiElEd2K57P7l
                                                                                                                                                                                                                                                            MD5:7129D4BC1D980217D137BA5631FDBB5A
                                                                                                                                                                                                                                                            SHA1:DDDC2B18DC0AC8E3821605EEDC7ABA53E0996218
                                                                                                                                                                                                                                                            SHA-256:C9EE27A10E08696ABCECBCABE93C043602C809B73289013B9CD82B95C023C272
                                                                                                                                                                                                                                                            SHA-512:3415532083D5BD995F369CBA228358C1EA74E62237E2945C82591535EF9FDA29BC66198A96AE12B80EA2B6634AE1DDE01F0B73163697D5CA1F4FC8FD13348623
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):107893
                                                                                                                                                                                                                                                            Entropy (8bit):4.640137257437767
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P7l:fwUQC5VwBIiElEd2K57P7l
                                                                                                                                                                                                                                                            MD5:7129D4BC1D980217D137BA5631FDBB5A
                                                                                                                                                                                                                                                            SHA1:DDDC2B18DC0AC8E3821605EEDC7ABA53E0996218
                                                                                                                                                                                                                                                            SHA-256:C9EE27A10E08696ABCECBCABE93C043602C809B73289013B9CD82B95C023C272
                                                                                                                                                                                                                                                            SHA-512:3415532083D5BD995F369CBA228358C1EA74E62237E2945C82591535EF9FDA29BC66198A96AE12B80EA2B6634AE1DDE01F0B73163697D5CA1F4FC8FD13348623
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67D0C077-166C.pma

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):4194304
                                                                                                                                                                                                                                                            Entropy (8bit):0.04133327413080559
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:192:1pK0o3tmP6rhZjJnbaCBDgM2cMgXXR90kAfosfhD0NQHVRQcqWN2n8y08Tcm2RGY:y0st715czhwMLdN208T2RGOD
                                                                                                                                                                                                                                                            MD5:B6D0242A8E1EA430713E714A11A3A0A3
                                                                                                                                                                                                                                                            SHA1:0E67623F2AE31A7E52728D1FB622A6174E1CE08E
                                                                                                                                                                                                                                                            SHA-256:4190F94E69FDA30EF9747C6D015E2BDCD702665F771D08F68E0DD39B86AD88F6
                                                                                                                                                                                                                                                            SHA-512:A8A18993C7E82DEA32BDDB547CB604F33CDC5D76688811700E12393EAFE10225F7A84A7DB707DAF5F35195D11BF9B26444EBBBDC3C3134A7F9922593B8914110
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:...@..@...@.....C.].....@...............`c...S..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....m.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?.......".kfwibu20,1(.0..8..B.......2.:.M....U....e...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U..G...W6.>.........."....."...2...".*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z...............................................................................

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\BrowserMetrics\BrowserMetrics-67D0C079-1724.pma

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):4194304
                                                                                                                                                                                                                                                            Entropy (8bit):0.43342874181556285
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3072:jEEW/MGKOJtuJMmoTkntMlrtBQJF2Jx2/t7SqDKuiECP/g1HFc:U/hft6M3TktMvOW0/t7Sq7iECP/aHy
                                                                                                                                                                                                                                                            MD5:D3FEF35387CDA68C1D2F914F1FD6428E
                                                                                                                                                                                                                                                            SHA1:492BC5EEECCEFF6C3955290E97C28F536D091823
                                                                                                                                                                                                                                                            SHA-256:15D6A4408C5D79B631EF111207FA2D8561DFCB77D416D57B0BFA015E13659B75
                                                                                                                                                                                                                                                            SHA-512:A8265FED95BC8C24F71E8C9158219788817994C43567A7FB9E953161F6461046943629B3A218EBE1254CADEC36B10E4A50768192C9295D897C2CE77525D442B5
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:...@..@...@.....C.].....@...............P...................`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....}.........117.0.2045.47-64..".en-GB*...Windows NT..10.0.190452l..x86_64..?.......".kfwibu20,1(.0..8..B.......2.:.M..BU..Be...?j...GenuineIntel... .. ..........x86_64...J....k..^o..J..l.zL.^o..J...I.r.^o..J....\.^o..J.....f.^o..J....?.^o..P.Z...b.INBXj....... .8.@..............(......................w..U?:K...G...W6.>.........."....."...2...".*.:............B)..1.3.177.11.. .*.RegKeyNotFound2.windowsR...Z...u...V.S@..$...SF@.......Y@.......Y@.......Y@........?........?.................?.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@.......Y@................Y@.......Y@.......Y@........?........?z............<..8...#...msNurturingAssistanceHomeDependency.....

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):280
                                                                                                                                                                                                                                                            Entropy (8bit):4.166810684248574
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:FiWWltlApdeXKek1iUniIWpCWjwBVP/Sh/JzvPWVcRVEVg3WWD5etll:o1ApdeaHiKgjwBVsJDu2ziy5eX
                                                                                                                                                                                                                                                            MD5:464CD080F3EF5338515D66D178417754
                                                                                                                                                                                                                                                            SHA1:7125D1A5EDBD33192EFADC9BF228BF6F0107EAF5
                                                                                                                                                                                                                                                            SHA-256:DC8FC0A77FC7F238D6F4453111449B384F599180FE126A208AFF3FFA4FC9E547
                                                                                                                                                                                                                                                            SHA-512:C1EABB124C5C612CB78F8F03F15E38F2DA17CA3FFAFA8B0D9FFD0EB1C24A1B1FD8BE11AE44DE6EFBCD27E1D032CF5B87B17E0BA8AE0969CD529E947A0C4442B0
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:sdPC......................X..<EE..r/y..."DmHYrCHlc5lFyRGUq62R3qS1k3Ui6rBGmzkDnx9Vsbw="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\3c3b62b9-f4d9-47a0-9ee1-75700c134aaa.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):14343
                                                                                                                                                                                                                                                            Entropy (8bit):5.284125816922209
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:384:stkLA3u4HsCZ9fhqqVpbGhQwA6W6laTYt:suc3uuZ9fnDbGSjAaTYt
                                                                                                                                                                                                                                                            MD5:0F38B11E7AF0AE658114270E25ED0E45
                                                                                                                                                                                                                                                            SHA1:DB9E6E3880C2096D976C0B5E15A4CF8875248D03
                                                                                                                                                                                                                                                            SHA-256:B9BAB2F9D69F59866CBEEDD3959DABEE326FB3583E06F26D202E49D05FF364B4
                                                                                                                                                                                                                                                            SHA-512:A2CF3443221F7AA877D8891260434D9B4B183EDADF115D378342FF18CE8D9CA4EDCA462400FA9CD10BC2B60689A225CFF0B1C8D97E8A7BCF85A771EB28828140
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13386207612164045","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\53bebcff-0bdd-4d15-b50e-57aef6445cb5.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):115717
                                                                                                                                                                                                                                                            Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                            MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                            SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                            SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                            SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\66cef836-93f4-47f8-965a-b367599f781c.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):10066
                                                                                                                                                                                                                                                            Entropy (8bit):5.112336679907975
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:192:stkkdpHsCZ9sZihUkRmX8mbV+FVjQA66WYaFIMYxP3caJ:stkQHsCZ9fh4bGhQx6WYaTYt
                                                                                                                                                                                                                                                            MD5:CB565AEDF5CDD4EF92E74637949EC0A4
                                                                                                                                                                                                                                                            SHA1:92355B31101F801B6706DBA9AF8A412FC62BA099
                                                                                                                                                                                                                                                            SHA-256:3B5D5D2A0BFDF3689322D636813C207CEE012F4DD9B935D757D5F2860C7B5687
                                                                                                                                                                                                                                                            SHA-512:A467D8FF10D565FD4FF5D976A5C4B432BC8AAAF06F587A57E2EE04CD54F4D70339C4982D2363846F8821DA7C0AD774C463432E411DCA758B41CA620CC54CE759
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13386207612164045","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\6bd505b7-257d-48f9-a440-fcf49bf5d4ab.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                            Size (bytes):14343
                                                                                                                                                                                                                                                            Entropy (8bit):5.283948572521158
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:384:stkLA3u4HsCZ9fhqqVpbGhQwA6WAlaTYt:suc3uuZ9fnDbGSjGaTYt
                                                                                                                                                                                                                                                            MD5:C154230DB0C4F38279E4FD00BD55328C
                                                                                                                                                                                                                                                            SHA1:F47977A7479A7192F6DF85982D291E1DB1B2011E
                                                                                                                                                                                                                                                            SHA-256:D1E3DF9CFE9D4589DE6D42F97EA4221C5C743E5BAC197E09F33D76A01871CC30
                                                                                                                                                                                                                                                            SHA-512:7C4F7907C1A87AFA8B8695E64C8A1CB82BC801DAD6E29C549FF78A1D38CCFB81263B42E440BEFEEADA6F48CAAA564066E5F1518BAA6F9CA25B085D9FAA87F3B4
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13386207612164045","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\716ccb25-ce9b-4f69-86ad-10c1fa438996.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):39694
                                                                                                                                                                                                                                                            Entropy (8bit):5.562290867703745
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:TyihbF7pLGLxn5WPrvfye8F1+UoAYDCx9Tuqh0VfUC9xbog/OVqXT08oQrwByzT7:TyihbTcxn5WPrvfyeu1jaHXTvohBuTZd
                                                                                                                                                                                                                                                            MD5:CA7617C7770163944DEBEF3C407656D3
                                                                                                                                                                                                                                                            SHA1:171A42CF75DD18BB9AE8B5153F4E95FB96480326
                                                                                                                                                                                                                                                            SHA-256:5E9E60B8A92CABD65CD7A285354987AE7014C269B3DB5A3840E2CCED359ED83B
                                                                                                                                                                                                                                                            SHA-512:DBC515D283E0F2FD60702FB47EF0D14027AC9971A0C928738C0CCFD8107CA066566FD221C009872E38987FDD26AFC204C3E9FBDCF34282AC7859448B301531DF
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13386207610320327","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13386207610320327","location":5,"ma

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\85b456ba-9dc5-4f7a-a813-b1c5a705c06a.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):25012
                                                                                                                                                                                                                                                            Entropy (8bit):5.567340693385856
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:TbEhr5WPrvfne8F1+UoAYDCx9Tuqh0VfUC9xbog/OVZ08nQrw22p3tuO:TbEhr5WPrvfneu1jaUvnhrt9
                                                                                                                                                                                                                                                            MD5:D0C0AD6EEE28E8950FB0E21D33167BDA
                                                                                                                                                                                                                                                            SHA1:BE3206014D865BF0DC1699D506D9B12FA136CCD1
                                                                                                                                                                                                                                                            SHA-256:2A15A5DD487149E137AE6E3C65E987CADCE00F2A3FCB4016F39C97E94908CD6B
                                                                                                                                                                                                                                                            SHA-512:88BEA7E3142C92F31E1A70749038B355944EEBAFE852A77B978CBCCAC1D6A83710E82F9B86F4B5EF6BD5F76E06A4BB6E6143303D9852A036F74FEA7A161B4F04
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13386207610320327","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13386207610320327","location":5,"ma

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\9fd375bb-f043-4fd4-8e0c-9ec6429e2f89.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):1
                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:.

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\000003.log

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                            Size (bytes):2163821
                                                                                                                                                                                                                                                            Entropy (8bit):5.2228610530262145
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:24576:v+/PN8FZfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:v+/PN8Dfx2mjF
                                                                                                                                                                                                                                                            MD5:ADE9A2DB4B14FEA2708A05E622882C33
                                                                                                                                                                                                                                                            SHA1:7CD2A8AA2B198E0FFF6EBA7E9B2C797230ED92B2
                                                                                                                                                                                                                                                            SHA-256:81B0D46E638A69D96A7134060B1CFC5D5C0AE2EE5E38C5AFDD8A24E2ADAE317A
                                                                                                                                                                                                                                                            SHA-512:4BA1D2924B775050A2BDAB65FE58A2F05A60C93CA40EC4E8CEF0C53EED87117E2215983E6093FC46A427671B1FBA31C6688FFDAFA8ECC70D0BA8E0EF8642B288
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340900604462938.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):336
                                                                                                                                                                                                                                                            Entropy (8bit):5.111521110610689
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtgYVq2P923oH+Tcwt9Eh1tIFUtoRtcXgZmwCRtCHsIkwO923oH+Tcwt9Eh1H:7GRJVv4Yeb9Eh16FUtoRaXg/CR3I5LYf
                                                                                                                                                                                                                                                            MD5:5F885DAE9B9F3B8A5C4DFD6A86806713
                                                                                                                                                                                                                                                            SHA1:076DB857BA6231CA55BFB62617473289B8A75C15
                                                                                                                                                                                                                                                            SHA-256:53BCDE8DFBB18E3A680A66151A1ED3E2A72BF481AAFDC591CD7FA482E0ED5B2A
                                                                                                                                                                                                                                                            SHA-512:509F0BDA8702E29B7E193EE8D9741B1287057FFA8C8DDA708C15318401C9C71FAA8AC5ABC17DE231611E3165FD21F10F3C7DB6EFE68A9D5DEDBB9A7466809CBC
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:16.175 1b60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2025/03/11-19:00:16.178 1b60 Recovering log #3.2025/03/11-19:00:16.256 1b60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):336
                                                                                                                                                                                                                                                            Entropy (8bit):5.111521110610689
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtgYVq2P923oH+Tcwt9Eh1tIFUtoRtcXgZmwCRtCHsIkwO923oH+Tcwt9Eh1H:7GRJVv4Yeb9Eh16FUtoRaXg/CR3I5LYf
                                                                                                                                                                                                                                                            MD5:5F885DAE9B9F3B8A5C4DFD6A86806713
                                                                                                                                                                                                                                                            SHA1:076DB857BA6231CA55BFB62617473289B8A75C15
                                                                                                                                                                                                                                                            SHA-256:53BCDE8DFBB18E3A680A66151A1ED3E2A72BF481AAFDC591CD7FA482E0ED5B2A
                                                                                                                                                                                                                                                            SHA-512:509F0BDA8702E29B7E193EE8D9741B1287057FFA8C8DDA708C15318401C9C71FAA8AC5ABC17DE231611E3165FD21F10F3C7DB6EFE68A9D5DEDBB9A7466809CBC
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:16.175 1b60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2025/03/11-19:00:16.178 1b60 Recovering log #3.2025/03/11-19:00:16.256 1b60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DIPS

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):28672
                                                                                                                                                                                                                                                            Entropy (8bit):0.463193818881415
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBuCs/7:TouQq3qh7z3bY2LNW9WMcUvBuCa
                                                                                                                                                                                                                                                            MD5:66E8173C85EB04288929B63FDE1712C7
                                                                                                                                                                                                                                                            SHA1:361D3DA43BFB91B2894EE4CC61EFF6750C4A0867
                                                                                                                                                                                                                                                            SHA-256:22C9AB6D2F4719E380A45B9B1E9FEFD4C12AA7076B7DB54102A1A2CE3607C840
                                                                                                                                                                                                                                                            SHA-512:11A4E0AACEF3D9BCAB6CBA1253360D097251CE5CC6632D8849D8AADBDCE2ECE0F933D7839798513685BE19CFDD803F9B8889A0C87CAB410832F356DE8CA064E1
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\DashTrackerDatabase

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):10240
                                                                                                                                                                                                                                                            Entropy (8bit):0.8708334089814068
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                                                                                                                                                            MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                                                                                                                                                            SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                                                                                                                                                            SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                                                                                                                                                            SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):348
                                                                                                                                                                                                                                                            Entropy (8bit):5.170769094563005
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtPZN+q2P923oH+TcwtnG2tMsIFUtoRtPBSZmwCRtPaEHHNVkwO923oH+Tcwj:7GRpqv4Yebn9GFUtoRpA/CRpaEz5LYeV
                                                                                                                                                                                                                                                            MD5:7C73C20DD0F6A0CF7C49D997AE0570B1
                                                                                                                                                                                                                                                            SHA1:DCE73FA83B53C85F2A6DA317F2863428965B242D
                                                                                                                                                                                                                                                            SHA-256:D6DBA21153E9BB0F3F6D1FC7EB599B0742A387760B5C4F3A536E23995AC1EC77
                                                                                                                                                                                                                                                            SHA-512:204B1E1A4F3F990B28FA76E95C2E2ACAFAD66C43A4615877C026B939BA47335F56DC3DD3128F4ECB40DF0FD86C548E449C9710F88DC34FDA5F6717F6974D39D3
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:10.384 1ab8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2025/03/11-19:00:10.385 1ab8 Recovering log #3.2025/03/11-19:00:10.386 1ab8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG.old (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):348
                                                                                                                                                                                                                                                            Entropy (8bit):5.170769094563005
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtPZN+q2P923oH+TcwtnG2tMsIFUtoRtPBSZmwCRtPaEHHNVkwO923oH+Tcwj:7GRpqv4Yebn9GFUtoRpA/CRpaEz5LYeV
                                                                                                                                                                                                                                                            MD5:7C73C20DD0F6A0CF7C49D997AE0570B1
                                                                                                                                                                                                                                                            SHA1:DCE73FA83B53C85F2A6DA317F2863428965B242D
                                                                                                                                                                                                                                                            SHA-256:D6DBA21153E9BB0F3F6D1FC7EB599B0742A387760B5C4F3A536E23995AC1EC77
                                                                                                                                                                                                                                                            SHA-512:204B1E1A4F3F990B28FA76E95C2E2ACAFAD66C43A4615877C026B939BA47335F56DC3DD3128F4ECB40DF0FD86C548E449C9710F88DC34FDA5F6717F6974D39D3
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:10.384 1ab8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2025/03/11-19:00:10.385 1ab8 Recovering log #3.2025/03/11-19:00:10.386 1ab8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                            Entropy (8bit):0.6124823209879673
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+j8QpGV4mL:TO8D4jJ/6Up+W
                                                                                                                                                                                                                                                            MD5:65C6BE481D20B77ECD5D7A17284E6617
                                                                                                                                                                                                                                                            SHA1:4B47743F814F803743D810EFCD6A2D48D16BE39A
                                                                                                                                                                                                                                                            SHA-256:1FB94B5154D41C12BDCCAE76BE2E05C18E1E1FDA6A511FBB5DBA23336E573B59
                                                                                                                                                                                                                                                            SHA-512:707DF2D0E607742C0EA1FE3E394A2AE2384A249FD1C5DCBAA06DB8B37F6B6559CCF7E60A92205DAD4989A2E7C88D4AF45FA11D417C81F15D23F81DA8491B1068
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000001.dbtmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\000003.log

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):375520
                                                                                                                                                                                                                                                            Entropy (8bit):5.354102079212981
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6144:GA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:GFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                                                                                                                                                            MD5:59912B7B963FEE77CFB42158C144D83E
                                                                                                                                                                                                                                                            SHA1:3FFD47D701746CD0B50ACC13BB815C8E8477E677
                                                                                                                                                                                                                                                            SHA-256:22FC4921A44D76C008FF794BBED980F03F72FF8D494F62CEEAA1478E05321F08
                                                                                                                                                                                                                                                            SHA-512:7BD1DB0EA19F845BBF8343FD4300EA9FAC2F188A8489714F6A9A30E96E30A12695DFFCE5685CC0A6B8230799C6856ABECA9CF2E6FB0AF8126A2A3E16EFDB3B82
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:...m.................DB_VERSION.1.|.2q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13386207620499751..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\LOG

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):311
                                                                                                                                                                                                                                                            Entropy (8bit):5.162832383853816
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtCw9FD1923oH+Tcwtk2WwnvB2KLl4RtJHn3cM+q2P923oH+Tcwtk2WwnvIF2:7GRR9FmYebkxwnvFLCRvMM+v4Yebkxwp
                                                                                                                                                                                                                                                            MD5:1BF6F30754DC0CB17E45981505AFCD2D
                                                                                                                                                                                                                                                            SHA1:56C75100CA3CD759A53ED8906EECB46E01CBDFB4
                                                                                                                                                                                                                                                            SHA-256:FC751A6CCED08D9EDC21B1C3E0830C1CE76E2DC5BB3135ACE1A1F2E371628DA0
                                                                                                                                                                                                                                                            SHA-512:89DDF7A20FC1B45A1223CCEBC4DAD4242015C6273515FA34252C40AEBC52BE0A66E3746DCB52970F5D60D1F7FDEA8778BEC5B62A9C989BB6ADE68D682EEF4B0F
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:16.243 18fc Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2025/03/11-19:00:16.308 18fc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):41
                                                                                                                                                                                                                                                            Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtraction\domains_config.json

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                            Size (bytes):358860
                                                                                                                                                                                                                                                            Entropy (8bit):5.324611986480985
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6R4:C1gAg1zfvA
                                                                                                                                                                                                                                                            MD5:65F96D38BE4BD23E79C7DCC84869BE68
                                                                                                                                                                                                                                                            SHA1:374B61A1EBE8F830FD425DABEB429AD9737526BF
                                                                                                                                                                                                                                                            SHA-256:95816A913FBF472FFB7A3A04DC995AA18B2D5B30BC4B76F88F072E09678F28DB
                                                                                                                                                                                                                                                            SHA-512:34EBDB8A93F8E68DD6CE9E3FA57FBBD30E9AFEFE452B684FA98CD2E884CBB805983011CC896616AD4CB9731C685CEC582E503B8818D0F98365568C3E1D53965B
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\000003.log

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):418
                                                                                                                                                                                                                                                            Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                            MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                            SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                            SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                            SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):321
                                                                                                                                                                                                                                                            Entropy (8bit):5.1405860328341895
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtUi+q2P923oH+Tcwt8aPrqIFUtoRtD7ZmwCRtDLVkwO923oH+Tcwt8amLJ:7GRx+v4YebL3FUtoRl7/CRlLV5LYebQJ
                                                                                                                                                                                                                                                            MD5:189D5A884E3A5953EFA5E4FA78255514
                                                                                                                                                                                                                                                            SHA1:F774083D82FC369898151DB1FDA0C072CE5D0CCD
                                                                                                                                                                                                                                                            SHA-256:0F3947A5F1E2F8CD802503A27EBA9AF23BAEA87067BF3C9D54C084A9EE4EA865
                                                                                                                                                                                                                                                            SHA-512:F4E99D86B9116C57A3507A61AA5B54EC7462804CB56485DC40B44E3BBA9D1EF1C3819E9EB694424D3CAE39EE18B737F6246175CB0042866C68CAA8CCE7DF4FE4
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:10.339 b9c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2025/03/11-19:00:10.344 b9c Recovering log #3.2025/03/11-19:00:10.344 b9c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules\LOG.old (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):321
                                                                                                                                                                                                                                                            Entropy (8bit):5.1405860328341895
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtUi+q2P923oH+Tcwt8aPrqIFUtoRtD7ZmwCRtDLVkwO923oH+Tcwt8amLJ:7GRx+v4YebL3FUtoRl7/CRlLV5LYebQJ
                                                                                                                                                                                                                                                            MD5:189D5A884E3A5953EFA5E4FA78255514
                                                                                                                                                                                                                                                            SHA1:F774083D82FC369898151DB1FDA0C072CE5D0CCD
                                                                                                                                                                                                                                                            SHA-256:0F3947A5F1E2F8CD802503A27EBA9AF23BAEA87067BF3C9D54C084A9EE4EA865
                                                                                                                                                                                                                                                            SHA-512:F4E99D86B9116C57A3507A61AA5B54EC7462804CB56485DC40B44E3BBA9D1EF1C3819E9EB694424D3CAE39EE18B737F6246175CB0042866C68CAA8CCE7DF4FE4
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:10.339 b9c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2025/03/11-19:00:10.344 b9c Recovering log #3.2025/03/11-19:00:10.344 b9c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\000003.log

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):418
                                                                                                                                                                                                                                                            Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                                                                                                                                                            MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                                                                                                                                                            SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                                                                                                                                                            SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                                                                                                                                                            SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):328
                                                                                                                                                                                                                                                            Entropy (8bit):5.06060498096565
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRta9yq2P923oH+Tcwt865IFUtoRtcf+1ZmwCRtcjRkwO923oH+Tcwt86+ULJ:7GRlv4Yeb/WFUtoRv1/CRq5LYeb/+SJ
                                                                                                                                                                                                                                                            MD5:2A7E8AD766BBC8E300ADFB009C56EFDB
                                                                                                                                                                                                                                                            SHA1:7837A98B2D309F1CB5853334B04FECB98EBF5DBD
                                                                                                                                                                                                                                                            SHA-256:50E3D4276C8518936CB89131FA26D207D8B479B4611AE9202ADDE548B6C9C1EA
                                                                                                                                                                                                                                                            SHA-512:C6C73D4C9FD3E76D6BD21E4CB3AD0E35295C1269837BA4E2C9704C15CB66F14396A84B45B579282FA2F8CB6847205AB679CEE76968B7881F46F628DA15E05690
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:10.351 1ca0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2025/03/11-19:00:10.352 1ca0 Recovering log #3.2025/03/11-19:00:10.353 1ca0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts\LOG.old (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):328
                                                                                                                                                                                                                                                            Entropy (8bit):5.06060498096565
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRta9yq2P923oH+Tcwt865IFUtoRtcf+1ZmwCRtcjRkwO923oH+Tcwt86+ULJ:7GRlv4Yeb/WFUtoRv1/CRq5LYeb/+SJ
                                                                                                                                                                                                                                                            MD5:2A7E8AD766BBC8E300ADFB009C56EFDB
                                                                                                                                                                                                                                                            SHA1:7837A98B2D309F1CB5853334B04FECB98EBF5DBD
                                                                                                                                                                                                                                                            SHA-256:50E3D4276C8518936CB89131FA26D207D8B479B4611AE9202ADDE548B6C9C1EA
                                                                                                                                                                                                                                                            SHA-512:C6C73D4C9FD3E76D6BD21E4CB3AD0E35295C1269837BA4E2C9704C15CB66F14396A84B45B579282FA2F8CB6847205AB679CEE76968B7881F46F628DA15E05690
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:10.351 1ca0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2025/03/11-19:00:10.352 1ca0 Recovering log #3.2025/03/11-19:00:10.353 1ca0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):1254
                                                                                                                                                                                                                                                            Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                                                                                                                                                            MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                                                                                                                                                            SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                                                                                                                                                            SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                                                                                                                                                            SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5........

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):324
                                                                                                                                                                                                                                                            Entropy (8bit):5.119803395246185
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtbd4q2P923oH+Tcwt8NIFUtoRtbdJZmwCRtbIDkwO923oH+Tcwt8+eLJ:7GRBev4YebpFUtoRBn/CRBm5LYebqJ
                                                                                                                                                                                                                                                            MD5:EC9327792BF94A58F94F1865A53EEE93
                                                                                                                                                                                                                                                            SHA1:EA04CE9143184D3DF9E1A9CA86A637CC885E9CF9
                                                                                                                                                                                                                                                            SHA-256:4D1F42F183E55A163B9D014C973D52F979F2041E1D895E6FF5B65C2237D55A66
                                                                                                                                                                                                                                                            SHA-512:7095CB05055AE46F0512715265BBC29EEA2BBF242654B6F114FCCE437D80312290E535C00E5A140BA820ED570AB52CFAB4021C059C02B953B48DC14D645A9AF9
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:12.651 1d04 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2025/03/11-19:00:12.651 1d04 Recovering log #3.2025/03/11-19:00:12.652 1d04 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG.old (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):324
                                                                                                                                                                                                                                                            Entropy (8bit):5.119803395246185
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtbd4q2P923oH+Tcwt8NIFUtoRtbdJZmwCRtbIDkwO923oH+Tcwt8+eLJ:7GRBev4YebpFUtoRBn/CRBm5LYebqJ
                                                                                                                                                                                                                                                            MD5:EC9327792BF94A58F94F1865A53EEE93
                                                                                                                                                                                                                                                            SHA1:EA04CE9143184D3DF9E1A9CA86A637CC885E9CF9
                                                                                                                                                                                                                                                            SHA-256:4D1F42F183E55A163B9D014C973D52F979F2041E1D895E6FF5B65C2237D55A66
                                                                                                                                                                                                                                                            SHA-512:7095CB05055AE46F0512715265BBC29EEA2BBF242654B6F114FCCE437D80312290E535C00E5A140BA820ED570AB52CFAB4021C059C02B953B48DC14D645A9AF9
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:12.651 1d04 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2025/03/11-19:00:12.651 1d04 Recovering log #3.2025/03/11-19:00:12.652 1d04 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\_metadata\computed_hashes.json

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):429
                                                                                                                                                                                                                                                            Entropy (8bit):5.809210454117189
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                                                                                                                                                            MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                                                                                                                                                            SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                                                                                                                                                            SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                                                                                                                                                            SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):8720
                                                                                                                                                                                                                                                            Entropy (8bit):0.2191763562065486
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:Kmb9tFlljq7A/mhWJFuQ3yy7IOWUFTCtdweytllrE9SFcTp4AGbNCV9RUIin:BG75fOGd0Xi99pEYY
                                                                                                                                                                                                                                                            MD5:9759ECA5DFB6E03BA37B5ED5A3EBEB40
                                                                                                                                                                                                                                                            SHA1:53ADEEBB17EA81C84EF32CAC67EB17B91DBACF83
                                                                                                                                                                                                                                                            SHA-256:A5CF0B82D29C4E1C1A015297486FB0369FCBE4544103BC7927AEE2181FEB83C1
                                                                                                                                                                                                                                                            SHA-512:D0A2F44FBEA703D00FAC80CBD5650D38747FCAD85CB62954F3D2372FD85140D270530F6759AFC56B0E3057594A6AAF40ADAE4D7B5E2A9CE83531101B70E5208D
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:............C..S...&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):115717
                                                                                                                                                                                                                                                            Entropy (8bit):5.183660917461099
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                                                                                                                                                            MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                                                                                                                                                            SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                                                                                                                                                            SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                                                                                                                                                            SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HubApps Icons

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 12, cookie 0x3, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):49152
                                                                                                                                                                                                                                                            Entropy (8bit):3.3017070301161784
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:384:aj9P0yX+cYgam6INhaQkQerz773pLOP/KbtwRKToaAu:adxBPd0e2z7EP/HRKcC
                                                                                                                                                                                                                                                            MD5:E2AD53AEBD4766470FE611FFCFDF8B95
                                                                                                                                                                                                                                                            SHA1:30341139A9BC98260EF872D8849E8390AD4A98D4
                                                                                                                                                                                                                                                            SHA-256:A697F940B4118777154FDE772706F1C771D329B3A9EA4491650D1E60414AF8C7
                                                                                                                                                                                                                                                            SHA-512:32D5DF280EC1814C67FA58FABFF5A71C023BF73886CAF89E3799F9C133AF25413A751FBBC69F360FB87173817787E19F08D7FDB880BC93BF27B7BB674EB3D3A9
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j..........g...:.8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):405
                                                                                                                                                                                                                                                            Entropy (8bit):5.240693335786345
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:12:7GREv4Yeb8rcHEZrELFUtoRw/CRjFHz5LYeb8rcHEZrEZSJ:7Uu4Yeb8nZrExgG75HlLYeb8nZrEZe
                                                                                                                                                                                                                                                            MD5:5E1517B2B7675131777267C5D9002757
                                                                                                                                                                                                                                                            SHA1:19463A1B1A4BAD7563A1215D5713195F6326559E
                                                                                                                                                                                                                                                            SHA-256:AE19F099E32A3569C75406C8733357A3AEB6C0DE8B756BA9622BB8E2A6B6F7A4
                                                                                                                                                                                                                                                            SHA-512:38573B4CC3A0EFA7D832B03138AC9D6D5DA53F624D705153B9A97B6FB828D6FF40DC818FB0A6FE84C0E199B0FF03CF081BF84D7F1FAD0A14DB7EC32D5F251DF1
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:15.080 718 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2025/03/11-19:00:15.081 718 Recovering log #3.2025/03/11-19:00:15.082 718 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold\LOG.old (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):405
                                                                                                                                                                                                                                                            Entropy (8bit):5.240693335786345
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:12:7GREv4Yeb8rcHEZrELFUtoRw/CRjFHz5LYeb8rcHEZrEZSJ:7Uu4Yeb8nZrExgG75HlLYeb8nZrEZe
                                                                                                                                                                                                                                                            MD5:5E1517B2B7675131777267C5D9002757
                                                                                                                                                                                                                                                            SHA1:19463A1B1A4BAD7563A1215D5713195F6326559E
                                                                                                                                                                                                                                                            SHA-256:AE19F099E32A3569C75406C8733357A3AEB6C0DE8B756BA9622BB8E2A6B6F7A4
                                                                                                                                                                                                                                                            SHA-512:38573B4CC3A0EFA7D832B03138AC9D6D5DA53F624D705153B9A97B6FB828D6FF40DC818FB0A6FE84C0E199B0FF03CF081BF84D7F1FAD0A14DB7EC32D5F251DF1
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:15.080 718 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2025/03/11-19:00:15.081 718 Recovering log #3.2025/03/11-19:00:15.082 718 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):1986
                                                                                                                                                                                                                                                            Entropy (8bit):5.633228213330618
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:mZxTvCxy8MkvvNR8XRrV03Sx4LylswU7qoUWqbhRHHS2/41:mTCVviRT2osw6g9TQ1
                                                                                                                                                                                                                                                            MD5:41CE133BCDE2AA5E46B7F5DBBE5564D3
                                                                                                                                                                                                                                                            SHA1:1DA6BB06B1D1BD69EE965FAB97236D7838437A78
                                                                                                                                                                                                                                                            SHA-256:B3B95CA7DAB0FFD42380546BDC3356EE331B4731D3412448A2459E781639084B
                                                                                                                                                                                                                                                            SHA-512:86EA474821BF263C9006BEABA1384115A4B11AD55397BA00121C29D20C0244D1DFC646E9D46CE16BDBC9ACD6552E3024C2B3F248A8B9B9C4C7AD64FE798EF7BD
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:..8..................VERSION.1..META:https://ntp.msn.com..............!_https://ntp.msn.com..LastKnownPV..1741734024440.-_https://ntp.msn.com..LastVisuallyReadyMarker..1741734026067.._https://ntp.msn.com..MUID!.390BF5B215C66C813DC9E01E14F96DFA.%_https://ntp.msn.com..authRecordTrail...[{"time":"2025-03-11T23:00:24.352Z","action":"NUT","result":"SUCCESS","state":{"isSignedIn":false,"accountType":"UNSUPPORTED_SOVEREIGNTY","signedInAccounts":[0],"storage":{"elt":0,"lt":0,"aace":0,"ace":0,"app_anon":0,"anon":0,"app_wid":0},"appType":"edgeChromium","pageType":"dhp"}}].._https://ntp.msn.com..bkgdV...{"cachedVideoId":-1,"lastUpdatedTime":1741734024545,"schedule":[-1,-1,20,-1,16,18,-1],"scheduleFixed":[-1,-1,20,-1,16,18,-1],"simpleSchedule":[27,11,17,40,48,13,23]}.%_https://ntp.msn.com..clean_meta_flag..1.5_https://ntp.msn.com..enableUndersideAutoOpenFromEdge..false.&_https://ntp.msn.com..oneSvcUniTunMode..header."_https://ntp.msn.com..pageVersions..{"dhp":"20250311.398"}.*_https://ntp.msn.com.

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):333
                                                                                                                                                                                                                                                            Entropy (8bit):5.084732567749378
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtyq2P923oH+Tcwt8a2jMGIFUtoRt5FZZmwCRtju7zkwO923oH+Tcwt8a2jM4:7GREv4Yeb8EFUtoRL/CRFMz5LYeb8bJ
                                                                                                                                                                                                                                                            MD5:9AD861F13825223922FC64DF4968F361
                                                                                                                                                                                                                                                            SHA1:2276113684A19935A0C4E9D5502114B9EC849307
                                                                                                                                                                                                                                                            SHA-256:D6D97A178CA05673F42B8049D973E3C1B1EF7FC49E202CB1425A9AE73960670E
                                                                                                                                                                                                                                                            SHA-512:C622A913F1CCD766415F8AE605C73E4E8153DA6401E20F57B1F69EBC4D29358CA9E7F93850CB649E7AC12FA8511CCA9CC9724F8EAAD4826FF344B8E777408869
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:10.514 a60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2025/03/11-19:00:10.516 a60 Recovering log #3.2025/03/11-19:00:10.522 a60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG.old (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):333
                                                                                                                                                                                                                                                            Entropy (8bit):5.084732567749378
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtyq2P923oH+Tcwt8a2jMGIFUtoRt5FZZmwCRtju7zkwO923oH+Tcwt8a2jM4:7GREv4Yeb8EFUtoRL/CRFMz5LYeb8bJ
                                                                                                                                                                                                                                                            MD5:9AD861F13825223922FC64DF4968F361
                                                                                                                                                                                                                                                            SHA1:2276113684A19935A0C4E9D5502114B9EC849307
                                                                                                                                                                                                                                                            SHA-256:D6D97A178CA05673F42B8049D973E3C1B1EF7FC49E202CB1425A9AE73960670E
                                                                                                                                                                                                                                                            SHA-512:C622A913F1CCD766415F8AE605C73E4E8153DA6401E20F57B1F69EBC4D29358CA9E7F93850CB649E7AC12FA8511CCA9CC9724F8EAAD4826FF344B8E777408869
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:10.514 a60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2025/03/11-19:00:10.516 a60 Recovering log #3.2025/03/11-19:00:10.522 a60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\0bf4adb5-2749-4c8b-9b76-4bd9144d15a6.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):40
                                                                                                                                                                                                                                                            Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                            MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                            SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                            SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                            SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\51e2ff17-2e06-442f-a53a-c5584178553d.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:[]

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\6890fd13-ae10-4928-92e7-ee2b650fbbcd.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):111
                                                                                                                                                                                                                                                            Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                                                                                                                                                                                            MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                                                                                                                                                                                            SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                                                                                                                                                                                            SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                                                                                                                                                                                            SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\927ec045-9fee-42ba-8bbd-12e8c433db66.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:[]

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 8, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 8
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                            Entropy (8bit):2.788898909676722
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:192:tTYpdQ7W7N3Nb2Kb+fh7K8ercXcf0L/ZJVb:VYpdQ7s3N6Kb+fhm8UcXI0LhJVb
                                                                                                                                                                                                                                                            MD5:A66AA7AD27B620AED18528B6FDB586AC
                                                                                                                                                                                                                                                            SHA1:5B988D534509467A334791496FE121A144F4ABC1
                                                                                                                                                                                                                                                            SHA-256:99A090C1CF93F9BD7CC03588C7007FF7AAB2D4780E1EB077EE3050CD985B7E41
                                                                                                                                                                                                                                                            SHA-512:CB0AE17F86763B836FA1501C92136E64FD5144E0F92F13CB1BE7EC1E8103A1A7752B96C86D805250DB25750D39829E2666DFB02980D2785B1ED9DC9E43C1ADD4
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):111
                                                                                                                                                                                                                                                            Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                                                                            MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                                                                            SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                                                                            SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                                                                            SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State~RF37f62.TMP (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):111
                                                                                                                                                                                                                                                            Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                                                                            MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                                                                            SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                                                                            SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                                                                            SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Reporting and NEL

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):36864
                                                                                                                                                                                                                                                            Entropy (8bit):1.1127465066132003
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:TFkIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB9d:JkIEumQv8m1ccnvS6PhY/E
                                                                                                                                                                                                                                                            MD5:1177D669B774AEFE042929449B6FF882
                                                                                                                                                                                                                                                            SHA1:1A79EFF06F1B649D52104B642F3B860808E295D7
                                                                                                                                                                                                                                                            SHA-256:3CC28DDBA9F718D920FB1AC5AF813F752DFD504AC65B445C8D2D100E9AA2F40F
                                                                                                                                                                                                                                                            SHA-512:0A7DCC252E424E0EE616A08A1D45197667B9A8DA87A8684053A2F797C8329A4D00F731F85BF718FB0309752B75F7CD2EF4CFBEE4CBCADAFCCE3AFF44AA8D7CEF
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:[]

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF2fc09.TMP (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:[]

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports~RF30fa1.TMP (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:[]

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):40
                                                                                                                                                                                                                                                            Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                            MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                            SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                            SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                            SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\bfbd64ec-0393-4388-bc2e-e8cd51a39368.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:[]

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\e742f1d4-1759-439c-8aa4-445877a6abce.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):111
                                                                                                                                                                                                                                                            Entropy (8bit):4.718418993774295
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqk1Yn:YHpoeS7PMVKJTnMRKXk1Yn
                                                                                                                                                                                                                                                            MD5:807419CA9A4734FEAF8D8563A003B048
                                                                                                                                                                                                                                                            SHA1:A723C7D60A65886FFA068711F1E900CCC85922A6
                                                                                                                                                                                                                                                            SHA-256:AA10BF07B0D265BED28F2A475F3564D8DDB5E4D4FFEE0AB6F3A0CC564907B631
                                                                                                                                                                                                                                                            SHA-512:F10D496AE75DB5BA412BD9F17BF0C7DA7632DB92A3FABF7F24071E40F5759C6A875AD8F3A72BAD149DA58B3DA3B816077DF125D0D9F3544ADBA68C66353D206C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G"}}}

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Nurturing\campaign_history

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                            Entropy (8bit):0.5913116480362223
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:12:TLSnAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isDhSdn069dOfNS9K0xH8:TLSOUOq0afDdWec9sJeM06iI7J5fc
                                                                                                                                                                                                                                                            MD5:17A3B77EC7CA34985C7E2DE758D6A64B
                                                                                                                                                                                                                                                            SHA1:E500D668A3DA3BD2B408C71E921ABFB47B5E6541
                                                                                                                                                                                                                                                            SHA-256:D11D7395D39936E05A1AE7BBC63460AC1EE8457A523E977E6BF8C994EFD2A27B
                                                                                                                                                                                                                                                            SHA-512:B74A0422960C2A6F7C1DC1F012932CE6060A633C22F4F260BAF9033B0B8D6AE71AF8C793CC69078CDD6710B2FBDAF330A132C3899A45267D33195FB88E89D82D
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):10066
                                                                                                                                                                                                                                                            Entropy (8bit):5.112336679907975
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:192:stkkdpHsCZ9sZihUkRmX8mbV+FVjQA66WYaFIMYxP3caJ:stkQHsCZ9fh4bGhQx6WYaTYt
                                                                                                                                                                                                                                                            MD5:CB565AEDF5CDD4EF92E74637949EC0A4
                                                                                                                                                                                                                                                            SHA1:92355B31101F801B6706DBA9AF8A412FC62BA099
                                                                                                                                                                                                                                                            SHA-256:3B5D5D2A0BFDF3689322D636813C207CEE012F4DD9B935D757D5F2860C7B5687
                                                                                                                                                                                                                                                            SHA-512:A467D8FF10D565FD4FF5D976A5C4B432BC8AAAF06F587A57E2EE04CD54F4D70339C4982D2363846F8821DA7C0AD774C463432E411DCA758B41CA620CC54CE759
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13386207612164045","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF34538.TMP (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):10066
                                                                                                                                                                                                                                                            Entropy (8bit):5.112336679907975
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:192:stkkdpHsCZ9sZihUkRmX8mbV+FVjQA66WYaFIMYxP3caJ:stkQHsCZ9fh4bGhQx6WYaTYt
                                                                                                                                                                                                                                                            MD5:CB565AEDF5CDD4EF92E74637949EC0A4
                                                                                                                                                                                                                                                            SHA1:92355B31101F801B6706DBA9AF8A412FC62BA099
                                                                                                                                                                                                                                                            SHA-256:3B5D5D2A0BFDF3689322D636813C207CEE012F4DD9B935D757D5F2860C7B5687
                                                                                                                                                                                                                                                            SHA-512:A467D8FF10D565FD4FF5D976A5C4B432BC8AAAF06F587A57E2EE04CD54F4D70339C4982D2363846F8821DA7C0AD774C463432E411DCA758B41CA620CC54CE759
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13386207612164045","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF383a8.TMP (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):10066
                                                                                                                                                                                                                                                            Entropy (8bit):5.112336679907975
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:192:stkkdpHsCZ9sZihUkRmX8mbV+FVjQA66WYaFIMYxP3caJ:stkQHsCZ9fh4bGhQx6WYaTYt
                                                                                                                                                                                                                                                            MD5:CB565AEDF5CDD4EF92E74637949EC0A4
                                                                                                                                                                                                                                                            SHA1:92355B31101F801B6706DBA9AF8A412FC62BA099
                                                                                                                                                                                                                                                            SHA-256:3B5D5D2A0BFDF3689322D636813C207CEE012F4DD9B935D757D5F2860C7B5687
                                                                                                                                                                                                                                                            SHA-512:A467D8FF10D565FD4FF5D976A5C4B432BC8AAAF06F587A57E2EE04CD54F4D70339C4982D2363846F8821DA7C0AD774C463432E411DCA758B41CA620CC54CE759
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13386207612164045","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RF3f8d8.TMP (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):10066
                                                                                                                                                                                                                                                            Entropy (8bit):5.112336679907975
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:192:stkkdpHsCZ9sZihUkRmX8mbV+FVjQA66WYaFIMYxP3caJ:stkQHsCZ9fh4bGhQx6WYaTYt
                                                                                                                                                                                                                                                            MD5:CB565AEDF5CDD4EF92E74637949EC0A4
                                                                                                                                                                                                                                                            SHA1:92355B31101F801B6706DBA9AF8A412FC62BA099
                                                                                                                                                                                                                                                            SHA-256:3B5D5D2A0BFDF3689322D636813C207CEE012F4DD9B935D757D5F2860C7B5687
                                                                                                                                                                                                                                                            SHA-512:A467D8FF10D565FD4FF5D976A5C4B432BC8AAAF06F587A57E2EE04CD54F4D70339C4982D2363846F8821DA7C0AD774C463432E411DCA758B41CA620CC54CE759
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13386207612164045","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"should_reset_check_default_browser":false,"toolbar_extensions_hub_button_visibility":0,"underside_chat_bing_signed_in_status":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"browser_content_container_height":882,"browser_content_container_width":1236,"browser_content_container_x":0,"browser_content_container_y":102,"continuous_migration":{"ci_correction_for_holdout_treatment_state":1},"countryid_at_install":17224,"custom_links":{"l

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):25012
                                                                                                                                                                                                                                                            Entropy (8bit):5.567340693385856
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:TbEhr5WPrvfne8F1+UoAYDCx9Tuqh0VfUC9xbog/OVZ08nQrw22p3tuO:TbEhr5WPrvfneu1jaUvnhrt9
                                                                                                                                                                                                                                                            MD5:D0C0AD6EEE28E8950FB0E21D33167BDA
                                                                                                                                                                                                                                                            SHA1:BE3206014D865BF0DC1699D506D9B12FA136CCD1
                                                                                                                                                                                                                                                            SHA-256:2A15A5DD487149E137AE6E3C65E987CADCE00F2A3FCB4016F39C97E94908CD6B
                                                                                                                                                                                                                                                            SHA-512:88BEA7E3142C92F31E1A70749038B355944EEBAFE852A77B978CBCCAC1D6A83710E82F9B86F4B5EF6BD5F76E06A4BB6E6143303D9852A036F74FEA7A161B4F04
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13386207610320327","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13386207610320327","location":5,"ma

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences~RF33692.TMP (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):25012
                                                                                                                                                                                                                                                            Entropy (8bit):5.567340693385856
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:TbEhr5WPrvfne8F1+UoAYDCx9Tuqh0VfUC9xbog/OVZ08nQrw22p3tuO:TbEhr5WPrvfneu1jaUvnhrt9
                                                                                                                                                                                                                                                            MD5:D0C0AD6EEE28E8950FB0E21D33167BDA
                                                                                                                                                                                                                                                            SHA1:BE3206014D865BF0DC1699D506D9B12FA136CCD1
                                                                                                                                                                                                                                                            SHA-256:2A15A5DD487149E137AE6E3C65E987CADCE00F2A3FCB4016F39C97E94908CD6B
                                                                                                                                                                                                                                                            SHA-512:88BEA7E3142C92F31E1A70749038B355944EEBAFE852A77B978CBCCAC1D6A83710E82F9B86F4B5EF6BD5F76E06A4BB6E6143303D9852A036F74FEA7A161B4F04
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13386207610320327","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13386207610320327","location":5,"ma

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000001.dbtmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\000003.log

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):2403
                                                                                                                                                                                                                                                            Entropy (8bit):5.818397577705098
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:F2emwfrd6/fxEPrdCAYYHBrd6axEtrdQxEC:F1mwfx6/qPxCAHBx6ptxnC
                                                                                                                                                                                                                                                            MD5:E3F643CB1C8340B1C54BFE3AA2D1F192
                                                                                                                                                                                                                                                            SHA1:EF15DA57FF4EACFA2694AF433EC07C18D16C12D3
                                                                                                                                                                                                                                                            SHA-256:E08BC59088F20F5B6458ECCB7583A7F94626D6E12D451C62C3B87BE9B13528BC
                                                                                                                                                                                                                                                            SHA-512:4C7120D1105557ECB3987AE2EB85BD8CA7F175BE78809A1AD8DEFC8D961C3EA61912D1B27473F7553254037DA24C198E2BF618BFB462E25092999FE009045713
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2S...................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.+INITDATA_UNIQUE_ORIGIN:https://ntp.msn.com/...REG:https://ntp.msn.com/.0......https://ntp.msn.com/edge/ntp...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true .(.0.8........@...Z.b.....trueh..h..h..h..h..h..h..h..h..h..h..h.!p.x.................................REGID_TO_ORIGIN:0.https://ntp.msn.com/..RES:0.0.......https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableE

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):16
                                                                                                                                                                                                                                                            Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                                                            MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                                                            SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                                                            SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                                                            SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:MANIFEST-000001.

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):297
                                                                                                                                                                                                                                                            Entropy (8bit):5.124968285564044
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtXsG+81923oH+TcwtE/a252KLl4RtXWOq2P923oH+TcwtE/a2ZIFUv:7GRhOYeb8xLCRgOv4Yeb8J2FUv
                                                                                                                                                                                                                                                            MD5:885D442C4165209C5B2A80FC3BCC22D9
                                                                                                                                                                                                                                                            SHA1:4CD1843EDBAE2F149004942B1494A24B150D0BE8
                                                                                                                                                                                                                                                            SHA-256:0EF6F5254887ABBD02D7519ABEFF20E32AC36587E3311A0DDFB796BEE23F41CA
                                                                                                                                                                                                                                                            SHA-512:8AE14EAC1EDB721FBF06C96E05A2F32FF3303E782E9F3F0B52DEBF756B664477CDF274F9BEED9F8A565304716F20E795656E08734FFABF7244DD4FF6CF0FCDFF
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:26.038 c20 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database since it was missing..2025/03/11-19:00:26.055 c20 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database/MANIFEST-000001.

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:OpenPGP Secret Key
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):41
                                                                                                                                                                                                                                                            Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                                                            MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                                                            SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                                                            SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                                                            SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):117233
                                                                                                                                                                                                                                                            Entropy (8bit):5.5766495128963065
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3072:j9LyxPXfO4O1pue4ML/INhehMr/7yjR1l:H1pEML/QhSMr/7yjjl
                                                                                                                                                                                                                                                            MD5:2E547CD48BA37AB0BB0DE1BC5372A8BC
                                                                                                                                                                                                                                                            SHA1:FCBFA90F13DEEE8FDAA56745B20C81D3AD38D359
                                                                                                                                                                                                                                                            SHA-256:B6A60F62408CBDDDB7A4F692274C4D3F60860E650476A8AFA37BBEF0A7FD4905
                                                                                                                                                                                                                                                            SHA-512:DD4F078C4C697A528A7A76C37A9004F9E10352645545529DA2A92478175D4247F37EB6D471D582E46B319905335B0E6BC6AF85A68CB6B740904F00250A5D772A
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:0\r..m..........rSG.....0!function(e,t){if("object"==typeof exports&&"object"==typeof module)module.exports=t();else if("function"==typeof define&&define.amd)define([],t);else{var s=t();for(var n in s)("object"==typeof exports?exports:e)[n]=s[n]}}(self,(()=>(()=>{"use strict";var e={894:()=>{try{self["workbox:cacheable-response:6.4.0"]&&_()}catch(e){}},81:()=>{try{self["workbox:core:6.4.0"]&&_()}catch(e){}},485:()=>{try{self["workbox:expiration:6.4.0"]&&_()}catch(e){}},484:()=>{try{self["workbox:navigation-preload:6.4.0"]&&_()}catch(e){}},248:()=>{try{self["workbox:precaching:6.4.0"]&&_()}catch(e){}},492:()=>{try{self["workbox:routing:6.4.0"]&&_()}catch(e){}},154:()=>{try{self["workbox:strategies:6.4.0"]&&_()}catch(e){}}},t={};function s(n){var a=t[n];if(void 0!==a)return a.exports;var r=t[n]={exports:{}};return e[n](r,r.exports,s),r.exports}s.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):195865
                                                                                                                                                                                                                                                            Entropy (8bit):6.3889119347912855
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3072:yCcYd4r/pVPzwZ+PLpLuL/UCHxB5gTfhGPk5qKgcmCLCQ:y7R7zweLpKL/bRB8fhGc5qKgeV
                                                                                                                                                                                                                                                            MD5:0E4CF4C1246C61C57FA643C92D34505C
                                                                                                                                                                                                                                                            SHA1:717EF116A3793A625F786955398CA97DDB88B429
                                                                                                                                                                                                                                                            SHA-256:4A81B48ABC24C02CF32F26706ECF4150BF9C59BBB92745F0795E32E0EB9AA129
                                                                                                                                                                                                                                                            SHA-512:9D6763B394B2E0D29DCC9AC29FE57A48748531A51DD625AE0E334DBD14B992AFB20745EFAD08146A2D799CF60DD4640C1D7E3A4B3E691C8060BFF05EF4E1E030
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:0\r..m..........rSG.....0....Lp.................;......*.........,T.8..`,.....L`.....,T...`......L`......Rc........exports...Rc..Qc....module....RcbP.d....define....Rb........amd....D..H...........".. ...".. ...!...a..2....]".. ...!...-.....!...|..c.....>a...8v............*.........".. ...!........./..4.....).....$Sb............I`....Da......... ..f..........`...p...0...j...p..H........Q....fI{...https://ntp.msn.com/edge/ntp/service-worker.js?bundles=latest&riverAgeMinutes=2880&navAgeMinutes=2880&networkTimeoutSeconds=5&bgTaskNetworkTimeoutSeconds=8&ssrBasePageNavAgeMinutes=360&enableEmptySectionRoute=true&enableNavPreload=true&enableFallbackVerticalsFeed=true&noCacheLayoutTemplates=true&cacheSSRBasePageResponse=true&enableStaticAdsRouting=true&enableWidgetsRegion=true.a........Db............D`........A.`............,T.,.`......L`.....,T...`>....DL`.....DSb.....................q...1.c................I`....Da.....o...,T.`.`z.....L`..........a............a.........Dr8..............

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):24
                                                                                                                                                                                                                                                            Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:m+l:m
                                                                                                                                                                                                                                                            MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                                                            SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                                                            SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                                                            SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:0\r..m..................

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\temp-index

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):72
                                                                                                                                                                                                                                                            Entropy (8bit):3.55492787511957
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:wSlE0Xl/lr/l9/lxEsD/lNal:wSlzk7l
                                                                                                                                                                                                                                                            MD5:B6B8CA06E6DA6F4EDBD54534C997CCBF
                                                                                                                                                                                                                                                            SHA1:0465043148782448956E60BD68F29A893788D96F
                                                                                                                                                                                                                                                            SHA-256:E20D18E3E4CAF79AC32B998D40FD431877437751D5A3BC931F26A3972CBA39CF
                                                                                                                                                                                                                                                            SHA-512:C1255DD34B397AEE5EE3E09C7D390C0250AD749A636D2EA5F963859F2A1E356864B44D8715F00EA7932E27AB5D713FBE9177D19CF54FCF6649A0184BBA3025FD
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:@...Eg..oy retne.........................X....,................2..V../.

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):72
                                                                                                                                                                                                                                                            Entropy (8bit):3.55492787511957
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:wSlE0Xl/lr/l9/lxEsD/lNal:wSlzk7l
                                                                                                                                                                                                                                                            MD5:B6B8CA06E6DA6F4EDBD54534C997CCBF
                                                                                                                                                                                                                                                            SHA1:0465043148782448956E60BD68F29A893788D96F
                                                                                                                                                                                                                                                            SHA-256:E20D18E3E4CAF79AC32B998D40FD431877437751D5A3BC931F26A3972CBA39CF
                                                                                                                                                                                                                                                            SHA-512:C1255DD34B397AEE5EE3E09C7D390C0250AD749A636D2EA5F963859F2A1E356864B44D8715F00EA7932E27AB5D713FBE9177D19CF54FCF6649A0184BBA3025FD
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:@...Eg..oy retne.........................X....,................2..V../.

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF38713.TMP (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):72
                                                                                                                                                                                                                                                            Entropy (8bit):3.55492787511957
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:wSlE0Xl/lr/l9/lxEsD/lNal:wSlzk7l
                                                                                                                                                                                                                                                            MD5:B6B8CA06E6DA6F4EDBD54534C997CCBF
                                                                                                                                                                                                                                                            SHA1:0465043148782448956E60BD68F29A893788D96F
                                                                                                                                                                                                                                                            SHA-256:E20D18E3E4CAF79AC32B998D40FD431877437751D5A3BC931F26A3972CBA39CF
                                                                                                                                                                                                                                                            SHA-512:C1255DD34B397AEE5EE3E09C7D390C0250AD749A636D2EA5F963859F2A1E356864B44D8715F00EA7932E27AB5D713FBE9177D19CF54FCF6649A0184BBA3025FD
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:@...Eg..oy retne.........................X....,................2..V../.

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):6167
                                                                                                                                                                                                                                                            Entropy (8bit):3.4213595088592235
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:192:GpWsP6n7Q9k/MlJp+GkiELJ0/gtDZOpHOY9:GpUU9k/M7p+7Hm/gtFOpHx9
                                                                                                                                                                                                                                                            MD5:967C8DBDA73E509F1FB6226AFC564418
                                                                                                                                                                                                                                                            SHA1:70D75B19E6DDBAB1B300A5AF962C7794FC6BF0BE
                                                                                                                                                                                                                                                            SHA-256:BA33DA9F76B0399A80B89C8C143492A2A077E7CBBEEB2DC0F0FDBF0AB1F77393
                                                                                                                                                                                                                                                            SHA-512:BB65D5AFB84349625794A5D41184B59FF540231F950C0FEB0F8AE4D1DD5B527D9E106380F03D5374DE0A547478E3163B37093F26E6629522726BB27B5365A36F
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f................0.rb................next-map-id.1.Cnamespace-bd9a6fa5_a00e_4530_b157_43e018554b61-https://ntp.msn.com/.0..~..................map-0-shd_sweeper.-{.".x.-.m.s.-.f.l.i.g.h.t.I.d.".:.".m.s.n.a.l.l.e.x.p.u.s.e.r.s.,.p.r.g.-.s.p.-.l.i.v.e.a.p.i.,.p.r.g.-.f.i.n.-.c.o.m.p.o.f.,.p.r.g.-.f.i.n.-.h.p.o.f.l.i.o.,.p.r.g.-.f.i.n.-.p.o.f.l.i.o.,.p.r.g.-.1.s.w.-.c.c.-.c.a.l.f.b.v.c.,.p.r.g.-.1.s.w.-.s.a.-.c.a.l.f.b.v.c.,.c.-.p.r.g.-.m.s.n.-.b.l.s.b.i.d.m.h.o.,.p.r.g.-.1.s.-.l.c.k.t.h.1.-.t.,.1.s.-.b.w.o.s.c.a.c.h.e.,.1.s.-.c.h.-.t.r.v.l.t.2.,.1.s.-.e.n.t.r.v.l.l.s.,.1.s.-.p.1.-.b.i.n.g.w.i.d.g.e.t.s.,.1.s.-.p.1.-.t.r.v.l.l.s.t.1.,.1.s.-.p.2.-.b.i.n.g.w.i.d.g.e.t.s.,.1.s.-.p.2.-.t.r.v.l.l.s.t.1.,.1.s.-.t.r.v.t.l.s.t.h.m.,.1.s.-.w.p.o.-.l.o.c.k.-.t.r.v.l.2.,.p.r.g.-.1.s.w.-.s.a.-.c.f.m.i.g.t.1.,.p.r.g.-.1.s.w.-.s.a.-.e.n.r.e.l.1.2.c.1.f.,.p.r.g.-.1.s.w.-.s.a.g.e.v.i.p.

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):321
                                                                                                                                                                                                                                                            Entropy (8bit):5.070171211570877
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtZvIq2P923oH+TcwtrQMxIFUtoRtyZmwCRthkFzkwO923oH+TcwtrQMFLJ:7GRAv4YebCFUtoRA/CRoF5LYebtJ
                                                                                                                                                                                                                                                            MD5:E65463B9866D5520473C2E60DC0EFA82
                                                                                                                                                                                                                                                            SHA1:8051F947475DBE46D12687B37BA5388E83C4FA94
                                                                                                                                                                                                                                                            SHA-256:00194845DABAD1D02AE3D336A82C1E819DC51B7F57B3EAFD668CF3BFB099CB6D
                                                                                                                                                                                                                                                            SHA-512:C7E605D9B125E770107ED231DF7B4E084BFDA44DA8EC5588E87ECFE5063D62B55D31594641FC740FA7CC40865771964FD0CE800E378C623EFFFD20479806DF0D
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:12.044 a60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2025/03/11-19:00:12.049 a60 Recovering log #3.2025/03/11-19:00:12.052 a60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG.old (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):321
                                                                                                                                                                                                                                                            Entropy (8bit):5.070171211570877
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtZvIq2P923oH+TcwtrQMxIFUtoRtyZmwCRthkFzkwO923oH+TcwtrQMFLJ:7GRAv4YebCFUtoRA/CRoF5LYebtJ
                                                                                                                                                                                                                                                            MD5:E65463B9866D5520473C2E60DC0EFA82
                                                                                                                                                                                                                                                            SHA1:8051F947475DBE46D12687B37BA5388E83C4FA94
                                                                                                                                                                                                                                                            SHA-256:00194845DABAD1D02AE3D336A82C1E819DC51B7F57B3EAFD668CF3BFB099CB6D
                                                                                                                                                                                                                                                            SHA-512:C7E605D9B125E770107ED231DF7B4E084BFDA44DA8EC5588E87ECFE5063D62B55D31594641FC740FA7CC40865771964FD0CE800E378C623EFFFD20479806DF0D
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:12.044 a60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2025/03/11-19:00:12.049 a60 Recovering log #3.2025/03/11-19:00:12.052 a60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13386207612803099

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):1443
                                                                                                                                                                                                                                                            Entropy (8bit):3.77401618348399
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:24:3Au3wKDwTDUvpsAF4unxBmtLp3X2amEtG1ChqDWQKkOAM4N6:3Au37wTYvzFxoLp2FEkCh4HHOpH
                                                                                                                                                                                                                                                            MD5:FB5124B2BAE89B0DD7EF076510953505
                                                                                                                                                                                                                                                            SHA1:6CE7015856B288D3AA82A239EEA4374B6347DAB4
                                                                                                                                                                                                                                                            SHA-256:1C462AB9F51CC0716567CD449372D9068EAA2806D538F482A2478E2F339CF5AB
                                                                                                                                                                                                                                                            SHA-512:630879E272D06FCCA6ACD7B8DC20981BC7DE906DB8C02C4CBFCE3E98FAA9369876E05B1D4867409958FF55242C64B490A2D41422DEE29C684C018ECE8D6B8725
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:SNSS.......S0.............S0........"S0.............S0.........S0.........T0.........T0......!..T0.................................S0..T0..1..,...T0..$...bd9a6fa5_a00e_4530_b157_43e018554b61...S0.........T0......S.r........S0.....S0.........................S0......................5..0...S0..&...{FEABE72C-70FB-448E-B17D-2908167F4EB5}.....S0............S0.........................T0.............T0..........edge://newtab/......N.e.w. .t.a.b...........!...............................................................x...............................x.......x.@..0..y.@..0.................................. ...................................................r...h.t.t.p.s.:././.n.t.p...m.s.n...c.o.m./.e.d.g.e./.n.t.p.?.l.o.c.a.l.e.=.e.n.-.G.B.&.t.i.t.l.e.=.N.e.w.%.2.0.t.a.b.&.d.s.p.=.1.&.s.p.=.B.i.n.g.&.i.s.F.R.E.M.o.d.a.l.B.a.c.k.g.r.o.u.n.d.=.1.&.s.t.a.r.t.p.a.g.e.=.1.&.P.C.=.U.5.3.1.....................................8.......0.......8............................................................

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Shortcuts

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):20480
                                                                                                                                                                                                                                                            Entropy (8bit):0.44194574462308833
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                                                                                                                                                            MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                                                                                                                                                            SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                                                                                                                                                            SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                                                                                                                                                            SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):352
                                                                                                                                                                                                                                                            Entropy (8bit):5.100407909442174
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtcO4q2P923oH+Tcwt7Uh2ghZIFUtoRtQ4RNJZmwCRtKbVLDkwO923oH+TcwK:7GRAv4YebIhHh2FUtoRv9/CRMxP5LYeQ
                                                                                                                                                                                                                                                            MD5:DF9503B8C2C912EDD97B6706516DD575
                                                                                                                                                                                                                                                            SHA1:509991994961953D8B34ED7B987272AFB132CF35
                                                                                                                                                                                                                                                            SHA-256:FCA19DEA9D3C0E794243A9B48A66A6435536BA80FEA341C1992704B240D8DEB0
                                                                                                                                                                                                                                                            SHA-512:65903ED9EAFE054358FABD51CF0F839B81212997721D96F051433A9AED521E07189D5D81B3DA5C6F1B69693F47E9A6647DC96FB3E30108B59AB149B3ED1C2A70
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:10.352 1d04 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2025/03/11-19:00:10.356 1d04 Recovering log #3.2025/03/11-19:00:10.436 1d04 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG.old (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):352
                                                                                                                                                                                                                                                            Entropy (8bit):5.100407909442174
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtcO4q2P923oH+Tcwt7Uh2ghZIFUtoRtQ4RNJZmwCRtKbVLDkwO923oH+TcwK:7GRAv4YebIhHh2FUtoRv9/CRMxP5LYeQ
                                                                                                                                                                                                                                                            MD5:DF9503B8C2C912EDD97B6706516DD575
                                                                                                                                                                                                                                                            SHA1:509991994961953D8B34ED7B987272AFB132CF35
                                                                                                                                                                                                                                                            SHA-256:FCA19DEA9D3C0E794243A9B48A66A6435536BA80FEA341C1992704B240D8DEB0
                                                                                                                                                                                                                                                            SHA-512:65903ED9EAFE054358FABD51CF0F839B81212997721D96F051433A9AED521E07189D5D81B3DA5C6F1B69693F47E9A6647DC96FB3E30108B59AB149B3ED1C2A70
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:10.352 1d04 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2025/03/11-19:00:10.356 1d04 Recovering log #3.2025/03/11-19:00:10.436 1d04 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\DawnCache\data_1

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):270336
                                                                                                                                                                                                                                                            Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                            MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                            SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                            SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                            SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\GPUCache\data_1

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):270336
                                                                                                                                                                                                                                                            Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                                                                            MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                                                                            SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                                                                            SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                                                                            SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):431
                                                                                                                                                                                                                                                            Entropy (8bit):5.178429137733135
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:12:7GRkAv4YebvqBQFUtoRu/CRe5LYebvqBvJ:7Ux4YebvZgGpILYebvk
                                                                                                                                                                                                                                                            MD5:50560145DA08E2575C55086EB8D6435F
                                                                                                                                                                                                                                                            SHA1:BA61D650040A58FC630CF013BDB208EC1960DB0C
                                                                                                                                                                                                                                                            SHA-256:972F37F750121E83C4FE60FDEF3896B2F9D0E26286EF8FA440A9EB81AE5B8757
                                                                                                                                                                                                                                                            SHA-512:A4F2433E9283A5F77CDCADD268FE1FDCF8B1780529AFD22815F3390752E45D2C29F35149B2B095EF0565BD8BB7949545CD683D31A5BFE653A9F45A0A9FE42131
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:12.593 a60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2025/03/11-19:00:12.601 a60 Recovering log #3.2025/03/11-19:00:12.605 a60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb\LOG.old (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):431
                                                                                                                                                                                                                                                            Entropy (8bit):5.178429137733135
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:12:7GRkAv4YebvqBQFUtoRu/CRe5LYebvqBvJ:7Ux4YebvZgGpILYebvk
                                                                                                                                                                                                                                                            MD5:50560145DA08E2575C55086EB8D6435F
                                                                                                                                                                                                                                                            SHA1:BA61D650040A58FC630CF013BDB208EC1960DB0C
                                                                                                                                                                                                                                                            SHA-256:972F37F750121E83C4FE60FDEF3896B2F9D0E26286EF8FA440A9EB81AE5B8757
                                                                                                                                                                                                                                                            SHA-512:A4F2433E9283A5F77CDCADD268FE1FDCF8B1780529AFD22815F3390752E45D2C29F35149B2B095EF0565BD8BB7949545CD683D31A5BFE653A9F45A0A9FE42131
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:12.593 a60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2025/03/11-19:00:12.601 a60 Recovering log #3.2025/03/11-19:00:12.605 a60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\58c4e4de-e42b-4c61-a272-19564d41a563.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                            Size (bytes):144
                                                                                                                                                                                                                                                            Entropy (8bit):4.842082263530856
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiBn1KKyRY:YHpoeS7PMVKJTnMRK3B1KF+
                                                                                                                                                                                                                                                            MD5:F32592F4926E25E0D647EA7E4CBCD3FE
                                                                                                                                                                                                                                                            SHA1:4126DAA71810BDC438563699F77D5DA66DD3295E
                                                                                                                                                                                                                                                            SHA-256:BB0A228D78AE9A4E3508B13B041710AAA7E658AAA526FA553719851EB4F2303A
                                                                                                                                                                                                                                                            SHA-512:96F9B027B0E7E44E14006EAC6DE05A6CF684F5D6427004737CC379DC02875FA1D65C422AB6CA0EF89C0555ACD12B1D99F552894F15EE9EAF1A203FE58835A35D
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\7ded52aa-f952-4197-b337-45ab9a70fbb8.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:[]

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\849fce4f-0cdb-42a3-a952-05af0ca63bc6.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):40
                                                                                                                                                                                                                                                            Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                            MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                            SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                            SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                            SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):144
                                                                                                                                                                                                                                                            Entropy (8bit):4.842082263530856
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                                                                                                                                                                                                                            MD5:ABE81C38891A875B52127ACE9C314105
                                                                                                                                                                                                                                                            SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                                                                                                                                                                                                                            SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                                                                                                                                                                                                                            SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Network Persistent State~RF37f62.TMP (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):144
                                                                                                                                                                                                                                                            Entropy (8bit):4.842082263530856
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                                                                                                                                                                                                                            MD5:ABE81C38891A875B52127ACE9C314105
                                                                                                                                                                                                                                                            SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                                                                                                                                                                                                                            SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                                                                                                                                                                                                                            SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:[]

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\SCT Auditing Pending Reports~RF30fa1.TMP (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:[]

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Sdch Dictionaries (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):40
                                                                                                                                                                                                                                                            Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                                                            MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                                                            SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                                                            SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                                                            SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\Trust Tokens

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):36864
                                                                                                                                                                                                                                                            Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                                                            MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                                                                            SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                                                                            SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                                                                            SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\c2e0b87a-50ee-4d82-970a-05efe1cf70d8.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):144
                                                                                                                                                                                                                                                            Entropy (8bit):4.842082263530856
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                                                                                                                                                                                                                            MD5:ABE81C38891A875B52127ACE9C314105
                                                                                                                                                                                                                                                            SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                                                                                                                                                                                                                            SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                                                                                                                                                                                                                            SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Network\f1bfdcf1-9168-477d-85f0-7adf86a9f25d.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):2
                                                                                                                                                                                                                                                            Entropy (8bit):1.0
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:H:H
                                                                                                                                                                                                                                                            MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                                                            SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                                                            SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                                                            SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:[]

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\000003.log

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):80
                                                                                                                                                                                                                                                            Entropy (8bit):3.4921535629071894
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                                                                                                                                                            MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                                                                                                                                                            SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                                                                                                                                                            SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                                                                                                                                                            SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:*...#................version.1..namespace-..&f.................&f...............

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):419
                                                                                                                                                                                                                                                            Entropy (8bit):5.169052686044057
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:12:7GRjv4YebvqBZFUtoR1u/CRpC5LYebvqBaJ:7Uj4YebvygG1puLYebvL
                                                                                                                                                                                                                                                            MD5:F42AA56E858443A63D639482776F12FF
                                                                                                                                                                                                                                                            SHA1:E41A3ED8128D821DA014DBBC843AFA4BFDEB6168
                                                                                                                                                                                                                                                            SHA-256:079B9DF9C33F67C2AFDA8B95E4031B4AC3E40A6FBD1A1BDDD9305F401DD4499E
                                                                                                                                                                                                                                                            SHA-512:7A8095A85C709EBBDEAFBEEF2DC31CBF5C448F718950E0B62FBE8943976383FF208C91767E2745013C78D6B8A7A0C06CD47A2CF29ED68AA0DE4249E9E029C6CF
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:30.061 a60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2025/03/11-19:00:30.063 a60 Recovering log #3.2025/03/11-19:00:30.067 a60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage\LOG.old (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):419
                                                                                                                                                                                                                                                            Entropy (8bit):5.169052686044057
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:12:7GRjv4YebvqBZFUtoR1u/CRpC5LYebvqBaJ:7Uj4YebvygG1puLYebvL
                                                                                                                                                                                                                                                            MD5:F42AA56E858443A63D639482776F12FF
                                                                                                                                                                                                                                                            SHA1:E41A3ED8128D821DA014DBBC843AFA4BFDEB6168
                                                                                                                                                                                                                                                            SHA-256:079B9DF9C33F67C2AFDA8B95E4031B4AC3E40A6FBD1A1BDDD9305F401DD4499E
                                                                                                                                                                                                                                                            SHA-512:7A8095A85C709EBBDEAFBEEF2DC31CBF5C448F718950E0B62FBE8943976383FF208C91767E2745013C78D6B8A7A0C06CD47A2CF29ED68AA0DE4249E9E029C6CF
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:30.061 a60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2025/03/11-19:00:30.063 a60 Recovering log #3.2025/03/11-19:00:30.067 a60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):325
                                                                                                                                                                                                                                                            Entropy (8bit):5.147125031825375
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtiAq2P923oH+TcwtpIFUtoRtPsZZmwCRtPszkwO923oH+Tcwta/WLJ:7GRcAv4YebmFUtoRpsZ/CRpsz5LYebaQ
                                                                                                                                                                                                                                                            MD5:99DB8E4084BA3473F139C88BB157B053
                                                                                                                                                                                                                                                            SHA1:2243F316D5F31E93C4038FA1E0DEE05F208390F0
                                                                                                                                                                                                                                                            SHA-256:7E8EA6F7ECAA59EDA5AFD4C54992ABDDDD15134329789D0C46B5270651B98FFC
                                                                                                                                                                                                                                                            SHA-512:041D4D590F78DE76E75740BD3CAE867C84A96E7B40148BEFC137B83DBD398C0D0707078CB7CFC859D9953BDDA7E3F597F9861FFCBA26EED5860C26F119CB7B17
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:10.337 c20 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2025/03/11-19:00:10.384 c20 Recovering log #3.2025/03/11-19:00:10.384 c20 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):325
                                                                                                                                                                                                                                                            Entropy (8bit):5.147125031825375
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtiAq2P923oH+TcwtpIFUtoRtPsZZmwCRtPszkwO923oH+Tcwta/WLJ:7GRcAv4YebmFUtoRpsZ/CRpsz5LYebaQ
                                                                                                                                                                                                                                                            MD5:99DB8E4084BA3473F139C88BB157B053
                                                                                                                                                                                                                                                            SHA1:2243F316D5F31E93C4038FA1E0DEE05F208390F0
                                                                                                                                                                                                                                                            SHA-256:7E8EA6F7ECAA59EDA5AFD4C54992ABDDDD15134329789D0C46B5270651B98FFC
                                                                                                                                                                                                                                                            SHA-512:041D4D590F78DE76E75740BD3CAE867C84A96E7B40148BEFC137B83DBD398C0D0707078CB7CFC859D9953BDDA7E3F597F9861FFCBA26EED5860C26F119CB7B17
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:10.337 c20 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2025/03/11-19:00:10.384 c20 Recovering log #3.2025/03/11-19:00:10.384 c20 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 11, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):196608
                                                                                                                                                                                                                                                            Entropy (8bit):1.2652776246120552
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:384:M/2qOB1nxCkMiSAELyKOMq+8yC8F/YfU5m+OlTLVumU:xq+n0Ji9ELyKOMq+8y9/OwT
                                                                                                                                                                                                                                                            MD5:EB6964C59CEC47DC16CD85066ED0F6B7
                                                                                                                                                                                                                                                            SHA1:C60AEB27019161F2B36171167B68970098ADC3DC
                                                                                                                                                                                                                                                            SHA-256:4BB176A592D8AD4E7CD9558C8DFE3C6040E736536F2083F0569DAE65DC1868EE
                                                                                                                                                                                                                                                            SHA-512:911F59FD039F62283DCB95F6861D4E34B3DD70CEB7AF541E398275D166304BA7FDC745D768B8749D9D164CE51849C7576F4A2AC1A1209BCC1BB4CCCDF8E08C4B
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\QuotaManager

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):40960
                                                                                                                                                                                                                                                            Entropy (8bit):0.46715160373764497
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB0UvJL:v7doKsKuKZKlZNmu46yjx0O
                                                                                                                                                                                                                                                            MD5:8FC787F8806734C1A7F6DE60AE40693D
                                                                                                                                                                                                                                                            SHA1:293CF9DEC151C6662DFACBE61E2730B3CF140F9F
                                                                                                                                                                                                                                                            SHA-256:E40C03454D71080A03C302B2D7C98AD198A29B50CDB4CF7270683EE3A73DE2CD
                                                                                                                                                                                                                                                            SHA-512:FB4501FF6A939833D64D37912C6C4A27B53EB96712E30F2C624D42386BD6F9D1A71944C514F1C0AC6DB9C5DB13E0CEC98F33DCD2105F7D64C97CB7F916DB3C75
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\ab9b5941-4b1b-4c2b-ab09-b565fd657d14.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):14178
                                                                                                                                                                                                                                                            Entropy (8bit):5.2867097557987925
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:192:stkJ9pQTryZigaba4uypHsCZ9sZihqqRDw+kKCWCTN4X8mbV+FVjQwB66WYaFIMe:stkLA3u4HsCZ9fhqqVpbGhQwA6WYaTYt
                                                                                                                                                                                                                                                            MD5:BE91F222C96D4F389A12B0AB088EC54C
                                                                                                                                                                                                                                                            SHA1:4734AE94987C0A9CDBF53B447E2662975D309BD3
                                                                                                                                                                                                                                                            SHA-256:2B4596E9C7AD77E82EC44F56153649DE1DA075A1BB1711851126CFBA6FDC11ED
                                                                                                                                                                                                                                                            SHA-512:C076F39CC71223903998FA53D1C0FD6CD239D4100EBBE7B2DACBE4100DEBA22E2472A27D2EBD5ECC99A1F9C4B907EB8B8649DF7C581AFB58E0F23851CAE17AF1
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13386207612164045","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117794":{"last_path":""},"380c71d3-10bf-4a5d-9a06-c932e4b7d1d8":{"last_path":""},"3a2f4dee-d482-4ef8-baef-cb22b6496

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\arbitration_service_config.json

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):11755
                                                                                                                                                                                                                                                            Entropy (8bit):5.190465908239046
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                                                                                                                                                            MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                                                                                                                                                            SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                                                                                                                                                            SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                                                                                                                                                            SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\d54a70c9-ac0c-4ff6-b1d8-75a4a2db65e4.tmp

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:very short file (no magic)
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):1
                                                                                                                                                                                                                                                            Entropy (8bit):0.0
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:L:L
                                                                                                                                                                                                                                                            MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                                                                                                                                                            SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                                                                                                                                                            SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                                                                                                                                                            SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:.

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\databases\Databases.db

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):28672
                                                                                                                                                                                                                                                            Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                                                            MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                                                            SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                                                            SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                                                            SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-shm

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):32768
                                                                                                                                                                                                                                                            Entropy (8bit):0.10889865724420288
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:12:0OPMJ9OPMJzLpEjVl/PnnnnnnnnnnnnnvoQrEo8VF4D:0OP+9OP+hoPnnnnnnnnnnnnnvBjpD
                                                                                                                                                                                                                                                            MD5:F2B80309C3DF1988C7603D4FFD6A4F7C
                                                                                                                                                                                                                                                            SHA1:4A0094136946FAB877EF2162670AF0F5D2DDB862
                                                                                                                                                                                                                                                            SHA-256:DEC86390403AE5E961BAF34755E26BD27297502585E0CC7B88E8402CA6DED683
                                                                                                                                                                                                                                                            SHA-512:65EB4B762ABA5FD2A2DB2CF9621B297B38F5F6896A1D31AE8DC45C43B5430458BB4FF3849973F74F7AC7B92842678ADD6BDE2072DCBD07CB5754185538E865EB
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:..-.............U.......0.q....f.4..}....y.?Z...-.............U.......0.q....f.4..}....y.?Z.........Q...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):350232
                                                                                                                                                                                                                                                            Entropy (8bit):0.9806833355793704
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:384:G2o+450CqYDwCGDPwdUqVoZg/fl8HiJE6EFhlog8n5S5Q8zFSYt+8peYyYy66yst:iIeGVH2eCExrOn5IDD1esk
                                                                                                                                                                                                                                                            MD5:11C5260F7D798D24663D64A77609DF25
                                                                                                                                                                                                                                                            SHA1:D85B55C9FDF18E0451DAF371C57C245E178DF7E9
                                                                                                                                                                                                                                                            SHA-256:8336A01F81C4B76B82F1FAD2225FC7C1C14A132C77DBF00963EF06E99C0F872F
                                                                                                                                                                                                                                                            SHA-512:A9C53D6951D5B1DF56FCE2BA9B078E2D329C75335C7A3001CA713AA0971BD2B560C36F45692DC644F2A42FB7CA13106684D7BFF8E45715201DA39155A885CDA1
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:7....-...........4..}...8.?L.0.........4..}........C.SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):628
                                                                                                                                                                                                                                                            Entropy (8bit):3.232308722158839
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:/XntM+iTl3sedhOKOuuuuuuuuuuuuuuuuuuuuuuudsedhOT:Wlc8NOuuuuuuuuuuuuuuuuuuuuuuuu82
                                                                                                                                                                                                                                                            MD5:2FE211FC4175A8E77F2469071E0C3734
                                                                                                                                                                                                                                                            SHA1:52B04EF613A895967FCAD03C4AC1DCB63514A8D2
                                                                                                                                                                                                                                                            SHA-256:0F30E29E382DBEA0E35C3CC479DB6069B2DBE23F72DA6510F4DC81FBE2452E47
                                                                                                                                                                                                                                                            SHA-512:0303382DDFC44DD7AA240827292297A08CB6BA19796AA0799AF8DECA4DDFFAB2A5B030921F935C792AA09F83402F2A61AF589DCC958DA8619D4B97D373FA4A96
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:A..r.................20_1_1...1.,U.................20_1_1...1..}0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=................)#.0................39_config..........6.....n ...1

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):324
                                                                                                                                                                                                                                                            Entropy (8bit):5.168520635227095
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtJSj+q2P923oH+TcwtfrK+IFUtoRtJVXZmwCRtJV3VkwO923oH+TcwtfrUed:7GRlv4Yeb23FUtoRV/CRH5LYeb3J
                                                                                                                                                                                                                                                            MD5:B387D14E8D53634FDFCBDF6F4A7FF349
                                                                                                                                                                                                                                                            SHA1:1F312FDA4AB9D3A89FFEDCF76F80923D8FA2037A
                                                                                                                                                                                                                                                            SHA-256:CA224D16FE283443521B1CD1F1F040143A53227FC6A78226D80565A233E0F338
                                                                                                                                                                                                                                                            SHA-512:8057839A06C07F469965E2F7BC913630FC60028EA78C8635B83E8B9760D7928513A368071DA94641C76D4C6F000975B5FC5EA1F281988293E7BEE80E3FB70BA0
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:12.237 1a88 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2025/03/11-19:00:12.238 1a88 Recovering log #3.2025/03/11-19:00:12.238 1a88 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG.old (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):324
                                                                                                                                                                                                                                                            Entropy (8bit):5.168520635227095
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtJSj+q2P923oH+TcwtfrK+IFUtoRtJVXZmwCRtJV3VkwO923oH+TcwtfrUed:7GRlv4Yeb23FUtoRV/CRH5LYeb3J
                                                                                                                                                                                                                                                            MD5:B387D14E8D53634FDFCBDF6F4A7FF349
                                                                                                                                                                                                                                                            SHA1:1F312FDA4AB9D3A89FFEDCF76F80923D8FA2037A
                                                                                                                                                                                                                                                            SHA-256:CA224D16FE283443521B1CD1F1F040143A53227FC6A78226D80565A233E0F338
                                                                                                                                                                                                                                                            SHA-512:8057839A06C07F469965E2F7BC913630FC60028EA78C8635B83E8B9760D7928513A368071DA94641C76D4C6F000975B5FC5EA1F281988293E7BEE80E3FB70BA0
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:12.237 1a88 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2025/03/11-19:00:12.238 1a88 Recovering log #3.2025/03/11-19:00:12.238 1a88 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):821
                                                                                                                                                                                                                                                            Entropy (8bit):4.072934107791413
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ySxs:G0nYUtypD3RUovhC+lvBOL+t3IvB8Sxs
                                                                                                                                                                                                                                                            MD5:4BF02D21DA57104917A69930154C8AB2
                                                                                                                                                                                                                                                            SHA1:C6ED5CE894DD9F539FD8E830B2F40E30CCAE6820
                                                                                                                                                                                                                                                            SHA-256:588F7B31FA9A3559FAB4F6492807FD86CB6791018BFD24CB1906B1B06648D8EB
                                                                                                                                                                                                                                                            SHA-512:D3D687A0194CF98A5A007E2FA8B7B6C31FFF6E677549FF829FE1A048B8074B4A751130A4CB57CED484A28547080550FE0CF18D5DA2B152D087EA1C7FB7A6677A
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_.....<.J|.................37_...... .A.................38_..........................39_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_......`...................37_..........................38_......\e..................39_.....dz.|.................9_.....'\c..................9_.......f-.................__global... .|.&R.................__global... ./....................__global... ..T...................__global... ...G..................__global... ......................__global... .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):342
                                                                                                                                                                                                                                                            Entropy (8bit):5.152400594317729
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtwEtN+q2P923oH+TcwtfrzAdIFUtoRtaZmwCRtGVVkwO923oH+TcwtfrzILJ:7GRWEGv4Yeb9FUtoRI/CRwb5LYeb2J
                                                                                                                                                                                                                                                            MD5:4302D3338F4EAB5759825241A4E2C286
                                                                                                                                                                                                                                                            SHA1:A9056CB171C28A451A90FF9C39C3912DEB23FFAB
                                                                                                                                                                                                                                                            SHA-256:5B566EBC91D96B9A9FC88688A8F83ADD7768303294FDB532CF70BDE2572D6F4F
                                                                                                                                                                                                                                                            SHA-512:A8073B84A419D9394915851D77616FD657F9B03C8354C14E7B6B836EF9CA992E231020CC0126D2FE6ADD87191FFFEDAF74C5925D2DA7D46BA165CDC7D3C10D23
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:12.184 1a88 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2025/03/11-19:00:12.185 1a88 Recovering log #3.2025/03/11-19:00:12.198 1a88 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG.old (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):342
                                                                                                                                                                                                                                                            Entropy (8bit):5.152400594317729
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:6:iOGRtwEtN+q2P923oH+TcwtfrzAdIFUtoRtaZmwCRtGVVkwO923oH+TcwtfrzILJ:7GRWEGv4Yeb9FUtoRI/CRwb5LYeb2J
                                                                                                                                                                                                                                                            MD5:4302D3338F4EAB5759825241A4E2C286
                                                                                                                                                                                                                                                            SHA1:A9056CB171C28A451A90FF9C39C3912DEB23FFAB
                                                                                                                                                                                                                                                            SHA-256:5B566EBC91D96B9A9FC88688A8F83ADD7768303294FDB532CF70BDE2572D6F4F
                                                                                                                                                                                                                                                            SHA-512:A8073B84A419D9394915851D77616FD657F9B03C8354C14E7B6B836EF9CA992E231020CC0126D2FE6ADD87191FFFEDAF74C5925D2DA7D46BA165CDC7D3C10D23
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:2025/03/11-19:00:12.184 1a88 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2025/03/11-19:00:12.185 1a88 Recovering log #3.2025/03/11-19:00:12.198 1a88 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Browser

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):120
                                                                                                                                                                                                                                                            Entropy (8bit):3.32524464792714
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                                                                                                                                                            MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                                                                                                                                                            SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                                                                                                                                                            SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                                                                                                                                                            SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):13
                                                                                                                                                                                                                                                            Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                                                            MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                                                            SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                                                            SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                                                            SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:117.0.2045.47

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):41620
                                                                                                                                                                                                                                                            Entropy (8bit):6.091575256515503
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBBFunhDO6vP6OBWc/vK2LGoup1Xl3jVzXr4CCAo7d:z/Ps+wsI7ynEb6Phu3VlXr4CRo5
                                                                                                                                                                                                                                                            MD5:FF85F7768A41559D6C55C0DFA2AB321B
                                                                                                                                                                                                                                                            SHA1:09A1FFC6C94BE75F2314852C2B41C9620A40D84A
                                                                                                                                                                                                                                                            SHA-256:A63E36051B1D30312BC7070384EEAC29EC7B197ACBB89432890C9AE1E2A82FC8
                                                                                                                                                                                                                                                            SHA-512:FAEAB74949908C1A7FB679FA4B1A05F9035EDD2CFD16103598975D42728D3E54C512A38503B4F8695A088B828B94FE44D94672359C6EB148C26819E4D1C06C9C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2e4b9.TMP (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):41620
                                                                                                                                                                                                                                                            Entropy (8bit):6.091575256515503
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBBFunhDO6vP6OBWc/vK2LGoup1Xl3jVzXr4CCAo7d:z/Ps+wsI7ynEb6Phu3VlXr4CRo5
                                                                                                                                                                                                                                                            MD5:FF85F7768A41559D6C55C0DFA2AB321B
                                                                                                                                                                                                                                                            SHA1:09A1FFC6C94BE75F2314852C2B41C9620A40D84A
                                                                                                                                                                                                                                                            SHA-256:A63E36051B1D30312BC7070384EEAC29EC7B197ACBB89432890C9AE1E2A82FC8
                                                                                                                                                                                                                                                            SHA-512:FAEAB74949908C1A7FB679FA4B1A05F9035EDD2CFD16103598975D42728D3E54C512A38503B4F8695A088B828B94FE44D94672359C6EB148C26819E4D1C06C9C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2e4f7.TMP (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):41620
                                                                                                                                                                                                                                                            Entropy (8bit):6.091575256515503
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBBFunhDO6vP6OBWc/vK2LGoup1Xl3jVzXr4CCAo7d:z/Ps+wsI7ynEb6Phu3VlXr4CRo5
                                                                                                                                                                                                                                                            MD5:FF85F7768A41559D6C55C0DFA2AB321B
                                                                                                                                                                                                                                                            SHA1:09A1FFC6C94BE75F2314852C2B41C9620A40D84A
                                                                                                                                                                                                                                                            SHA-256:A63E36051B1D30312BC7070384EEAC29EC7B197ACBB89432890C9AE1E2A82FC8
                                                                                                                                                                                                                                                            SHA-512:FAEAB74949908C1A7FB679FA4B1A05F9035EDD2CFD16103598975D42728D3E54C512A38503B4F8695A088B828B94FE44D94672359C6EB148C26819E4D1C06C9C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF2e804.TMP (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):41620
                                                                                                                                                                                                                                                            Entropy (8bit):6.091575256515503
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBBFunhDO6vP6OBWc/vK2LGoup1Xl3jVzXr4CCAo7d:z/Ps+wsI7ynEb6Phu3VlXr4CRo5
                                                                                                                                                                                                                                                            MD5:FF85F7768A41559D6C55C0DFA2AB321B
                                                                                                                                                                                                                                                            SHA1:09A1FFC6C94BE75F2314852C2B41C9620A40D84A
                                                                                                                                                                                                                                                            SHA-256:A63E36051B1D30312BC7070384EEAC29EC7B197ACBB89432890C9AE1E2A82FC8
                                                                                                                                                                                                                                                            SHA-512:FAEAB74949908C1A7FB679FA4B1A05F9035EDD2CFD16103598975D42728D3E54C512A38503B4F8695A088B828B94FE44D94672359C6EB148C26819E4D1C06C9C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF30e97.TMP (copy)

                                                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                                                            Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                                                            File Type:JSON data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):41620
                                                                                                                                                                                                                                                            Entropy (8bit):6.091575256515503
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBBFunhDO6vP6OBWc/vK2LGoup1Xl3jVzXr4CCAo7d:z/Ps+wsI7ynEb6Phu3VlXr4CRo5
                                                                                                                                                                                                                                                            MD5:FF85F7768A41559D6C55C0DFA2AB321B
                                                                                                                                                                                                                                                            SHA1:09A1FFC6C94BE75F2314852C2B41C9620A40D84A
                                                                                                                                                                                                                                                            SHA-256:A63E36051B1D30312BC7070384EEAC29EC7B197ACBB89432890C9AE1E2A82FC8
                                                                                                                                                                                                                                                            SHA-512:FAEAB74949908C1A7FB679FA4B1A05F9035EDD2CFD16103598975D42728D3E54C512A38503B4F8695A088B828B94FE44D94672359C6EB148C26819E4D1C06C9C
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"H4sIAAAAAAAAAL19a4/cNpboXzH60+4gRbvbrzj7aTbj2Ql2MhlkswhwF4MGRVISWxQp81FVqkH++z2HUrXbLkndh51dBHba1XX4PDzvxz+v+P76VjipxG2teExe3YpWie7W7ZX3Wqqr7/55xYfBaMGjdjZcffc/8wdK3g4OPh+vvrv6aYg/pXj1zZV0PdcWPrEq1kYfmXD91W/fUEBCTFK7MEH+45urDKHVNLPlvXoIHMcB//3H/fX3uIk/T3v4HrcwfweHgL0EWPzVd9e/fXMlZE/dnTXjx+Pggvq74ePPisvx4bqD0bbZ2Og99K8w415b9RA4usTivgSy50f4WTHYRQE0r0TxkvcMIVQpvOHvmY4lkMdaWx3H0okPPIoWVi/cFl5uDqEbWICCMbxrAKlKh6lMUiL5PY4UWn5ggpcM0yp8Ynv4jYve2dLVCA978oD/ouXWKlM6jo08toiSpffjDoNXQdkYBpOKD3ffHgufVJtMKp0Vvs4+JS06uJShdJA/6dD+0Y6HVnm1TQAXSdJMDfEjnz/CJVxAPJh4Brj/5JJYZtZAI5d/gW/+WP9F7UWmyTTSsQFstY3KSrd5MJfw8x4ffriwzR5P5lZboOXq2cwPcaHxvO+5N1vU6gKw18K74OqIVMGrwcGWi+B3/fhgiJ2sSYzY4W5ZcE8FcFZJr/eKGfyLMJOray0KIOCL4cFk21LCwm0jIsXbWhuge7fO3sKot+GggT0

                                                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Local State~RF3372e.TMP (copy)

                                                                                                                                                                                                                                                            Download File