Edit tour

Windows Analysis Report
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?17ef43f9ed42b031

Overview

General Information

Sample URL:	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?17ef43f9ed42b031
Analysis ID:	1416889
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Queries the volume information (name, serial number etc) of a device

Stores files to the Windows start menu directory

Tries to load missing DLLs

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 1276 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?17ef43f9ed42b031 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6208 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2000,i,17643291499873608431,12210868481373475866,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

rundll32.exe (PID: 7472 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)

PaintStudio.View.exe (PID: 7816 cmdline: "C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" MD5: 7E11B5F9F7A7FE66809577EC83971972)

PaintStudio.View.exe (PID: 7104 cmdline: "C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" MD5: 7E11B5F9F7A7FE66809577EC83971972)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.210.240.112:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49715 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183

Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3b3Yn9LcYKYOhOn&MD=wvAgFWda HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3b3Yn9LcYKYOhOn&MD=wvAgFWda HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmpTArGJW5lLAGIjBi9PQhwvCu8xsidkRQK4-Wu-ijFbl2Tn-IJ6uGgADoaLseDc5qoXZTbhrRHGWYJIQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-28-07
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmpTArGJW5lLAGIjDEtMeSbdsKTFupmRE7XFYXeyEzxbWbjBGXBv4CRFSB_bWJLa0LrH3ZszpniEBwYgQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-28-07
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmpTArGJW5lLAGIjBHd_AKJiXvmNxa7QOBoMc3TtwL5hSlYsTpvxIHp6hu5gHUnSeQnMynd2baB1bPi2UyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-28-07
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-28-07
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=7&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-28-07

Source: unknown

DNS traffic detected: queries for: www.google.com

Source: PaintStudio.View.exe, 00000014.00000002.1955493986.000002148AB46000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://json-schema.org/draft-04/schema
Source: PaintStudio.View.exe, 0000000F.00000002.1661069213.0000021881114000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.a.0
Source: PaintStudio.View.exe, 00000014.00000002.2008287654.000002148D711000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.a.0(D
Source: PaintStudio.View.exe, 0000000F.00000002.1661069213.0000021881114000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2008287654.000002148D711000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.adobe.ho
Source: PaintStudio.View.exe, 00000014.00000002.2063637961.0000021493525000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1981844287.000002148C800000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp, settings.dat.15.dr, settings.dat.LOG1.15.dr	String found in binary or memory: https://aka.ms/paint3dhelp
Source: PaintStudio.View.exe, 00000014.00000002.2038618715.000002148E38C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/paint3dhelpHD
Source: PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2045631763.000002148E600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.remix3d.com/
Source: PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.remix3d.com/v3/creations
Source: PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.remix3d.com/v3/creations/
Source: PaintStudio.View.exe, 0000000F.00000002.1681026219.0000021881F7E000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2044751625.000002148E55D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.remix3d.com/v3/creationse
Source: PaintStudio.View.exe, 0000000F.00000002.1677469961.0000021881DC3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://evoke-windowsservices-tas.msedge.net/
Source: PaintStudio.View.exe, 0000000F.00000002.1621417542.0000021806619000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000002.1677469961.0000021881DC3000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1951722900.000002148AA1D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://evoke-windowsservices-tas.msedge.net/ab
Source: PaintStudio.View.exe, 0000000F.00000002.1677469961.0000021881DC3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://evoke-windowsservices-tas.msedge.net/abhttps://evoke-windowsservices-tas.msedge.net/ab
Source: PaintStudio.View.exe, 0000000F.00000002.1677469961.0000021881DC3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://evoke-windowsservices-tas.msedge.net/abx
Source: PaintStudio.View.exe, 00000014.00000002.1941477317.0000021483807000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://hubble-int.azurewebsites.net
Source: PaintStudio.View.exe, 00000014.00000002.1941477317.0000021483807000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://hubble-test.azurewebsites.net
Source: PaintStudio.View.exe, 00000014.00000002.1941477317.0000021483807000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://hubble.edog.officeapps.live.com
Source: PaintStudio.View.exe, 00000014.00000002.1941477317.0000021483807000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://hubble.officeapps.live-int.com
Source: PaintStudio.View.exe, 00000014.00000002.1941477317.0000021483807000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://hubble.officeapps.live.com
Source: PaintStudio.View.exe, 0000000F.00000002.1648196700.0000021880178000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1553199812.00000218808A8000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1555352027.00000218808AA000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1559076087.00000218808AA000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1994354792.000002148CE00000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1986380329.000002148C94E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://hubble.officeapps.live.com/mediasvc/api/media/
Source: PaintStudio.View.exe, 00000014.00000002.1941477317.0000021483807000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://hubblecontent.osi.office-int.net
Source: PaintStudio.View.exe, 00000014.00000002.1941477317.0000021483807000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://hubblecontent.osi.office.net
Source: PaintStudio.View.exe, 0000000F.00000002.1648196700.0000021880178000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1986380329.000002148C94E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/
Source: PaintStudio.View.exe, 0000000F.00000002.1648712362.00000218801C9000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1989068563.000002148CB00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/;Media=https://hubble.officeapps.live.com/medias
Source: PaintStudio.View.exe, 00000014.00000002.1994354792.000002148CE00000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/e
Source: PaintStudio.View.exe, 0000000F.00000003.1553199812.00000218808A8000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1555352027.00000218808AA000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1559076087.00000218808AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/we
Source: PaintStudio.View.exe, 00000014.00000002.1941477317.0000021483807000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://hubblecontent.osi.officeppe.netRESP
Source: PaintStudio.View.exe, 0000000F.00000002.1624292159.000002180687C000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1960621724.000002148AC8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com
Source: PaintStudio.View.exe, 00000014.00000002.1957656890.000002148ABD0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.windows.local
Source: PaintStudio.View.exe, 0000000F.00000002.1623706663.000002180681E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.windows.local1003
Source: PaintStudio.View.exe, 0000000F.00000002.1643602496.000002187F5F3000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1947021882.00000214839E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.preview.r
Source: PaintStudio.View.exe, 0000000F.00000002.1681780653.000002188207A000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000002.1643602496.000002187F5F3000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1549169113.0000021886EE7000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2046158991.000002148E634000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2047305957.000002148E68B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.preview.remix3d.com
Source: PaintStudio.View.exe, 0000000F.00000002.1643602496.000002187F5F3000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1549169113.0000021886EE7000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2046158991.000002148E634000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2047305957.000002148E68B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.preview.remix3d.com/
Source: PaintStudio.View.exe, 0000000F.00000002.1643602496.000002187F5F3000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1549169113.0000021886EE7000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2046158991.000002148E634000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2047305957.000002148E68B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1947021882.00000214839E3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.preview.remix3d.com/blends/profile
Source: PaintStudio.View.exe, 0000000F.00000002.1681780653.000002188207A000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1549169113.0000021886EE7000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2046158991.000002148E634000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2047305957.000002148E68B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.preview.remix3d.com/details/
Source: PaintStudio.View.exe, 0000000F.00000002.1681780653.000002188207A000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000002.1681574609.0000021882061000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1549169113.0000021886EE7000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2046158991.000002148E634000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2047305957.000002148E68B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1989967520.000002148CBBC000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.remix3d.com
Source: PaintStudio.View.exe, 0000000F.00000002.1681780653.000002188207A000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000002.1681998812.000002188209B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000002.1676704850.0000021881D5D000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1549169113.0000021886EE7000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2046158991.000002148E634000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2047305957.000002148E68B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2045631763.000002148E600000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1965287440.000002148AF34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.remix3d.com/
Source: PaintStudio.View.exe, 0000000F.00000002.1681998812.000002188209B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1965287440.000002148AF34000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.remix3d.com/_SSL
Source: PaintStudio.View.exe, 0000000F.00000002.1681780653.000002188207A000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000002.1647523963.0000021880113000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000002.1660253380.000002188108D000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1549169113.0000021886EE7000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2046158991.000002148E634000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2047305957.000002148E68B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2045631763.000002148E600000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.remix3d.com/blends/profile
Source: PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.remix3d.com/details/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723

Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49710 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.210.240.112:443 -> 192.168.2.16:49711 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.16:49712 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49715 version: TLS 1.2

Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: telemetryuwp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: vccorlib140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: msvcp140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: vcruntime140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: sharedmemoryuwp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: execmodelclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.ui.xaml.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.staterepositorycore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.system.profile.retailinfo.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.applicationmodel.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.storage.applicationdata.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: rometadata.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.staterepositoryclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: vcruntime140_1_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.ui.xaml.controls.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: uiamanager.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.ui.core.textinput.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.ui.immersive.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.web.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: concrt140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.applicationmodel.datatransfer.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.networking.connectivity.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.accountscontrol.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.devices.enumeration.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: devdispitemprovider.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.energy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.graphics.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: directmanipulation.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: profext.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.web.http.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: mfplat.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: rtworkq.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: threadpoolwinrt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: msxml6.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: wpnapps.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: globinputhost.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.ui.xaml.phone.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: certenroll.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: certca.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: dsparse.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: ninput.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: efswrt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: wuceffects.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.system.profile.systemid.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: clipc.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: cryptowinrt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.system.userprofile.diagnosticssettings.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: telemetryuwp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: vccorlib140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: msvcp140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: vcruntime140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: sharedmemoryuwp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: vcruntime140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: msvcp140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: msvcp140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: execmodelclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.shell.servicehostbuilder.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: execmodelproxy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.ui.xaml.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: dcomp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.ui.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windowmanagementapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: inputhost.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: dxgi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: resourcepolicyclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: d3d11.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.staterepositorycore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: d3d10warp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: dxcore.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.system.profile.retailinfo.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.applicationmodel.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: d2d1.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.storage.applicationdata.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: rometadata.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: mrmcorer.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.staterepositoryclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: bcp47mrm.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.globalization.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: vcruntime140_1_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.ui.xaml.controls.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: rmclient.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: uiamanager.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.ui.core.textinput.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.ui.immersive.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: dataexchange.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.web.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: concrt140_app.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.applicationmodel.datatransfer.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.networking.connectivity.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.accountscontrol.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.devices.enumeration.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: devdispitemprovider.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.energy.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.graphics.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: directmanipulation.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: twinapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: profext.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: efswrt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.web.http.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: firewallapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: fwbase.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: mfplat.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: rtworkq.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: threadpoolwinrt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: msxml6.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: wpnapps.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: msftedit.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: globinputhost.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.ui.xaml.phone.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: ninput.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: certenroll.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: certca.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: dsparse.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.system.profile.systemid.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: clipc.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: cryptowinrt.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: windows.system.userprofile.diagnosticssettings.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: wuceffects.dll	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Section loaded: edputil.dll	Jump to behavior

Source: classification engine

Classification label: clean1.win@20/54@4/4

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\575231e4-3589-4cf5-8fb0-76bc26471e60.tmp

Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?17ef43f9ed42b031
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2000,i,17643291499873608431,12210868481373475866,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe "C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe"
Source: unknown	Process created: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe "C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2000,i,17643291499873608431,12210868481373475866,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A66AEDC-93C3-4ACC-BA96-08F5716429F7}\InProcServer32

Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe

File opened: C:\Windows\SYSTEM32\msftedit.dll

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: PaintStudio.View.exe, 0000000F.00000002.1662702374.0000021881200000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ToolsVMToolsVMTools
Source: PaintStudio.View.exe, 0000000F.00000002.1654979056.00000218809B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: 4NECVMWar VMware SATA
Source: PaintStudio.View.exe, 00000014.00000002.2011557675.000002148D82B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ToolsVMTools
Source: PaintStudio.View.exe, 00000014.00000002.2011557675.000002148D82B000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ToolsVMToolsVM
Source: PaintStudio.View.exe, 0000000F.00000002.1654979056.00000218809B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ;;SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: PaintStudio.View.exe, 0000000F.00000002.1655680973.0000021880C13000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1998388960.000002148CFD6000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: PaintStudio.View.exe, 0000000F.00000002.1654979056.00000218809B3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: JVMware Virtual disk SCSI Disk Device

Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Textures VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\PaintA.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\PaintA.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\PaintA.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\PaintA.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\PaintA.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\BhaiMDL2.2.52.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\BhaiMDL2.2.52.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\BhaiMDL2.2.52.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\BhaiMDL2.2.52.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\BhaiMDL2.2.52.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\cloudCommunitySettings.json VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\EngineConfigId.bin VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\SceneData.bin VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_0.bin VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_1.bin VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_2.bin VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_3.bin VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_4.bin VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_5.bin VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_6.bin VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_8.bin VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_7.bin VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Textures VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Windows\Fonts\segoeuil.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\PaintA.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\PaintA.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\PaintA.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\PaintA.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\PaintA.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\BhaiMDL2.2.52.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\BhaiMDL2.2.52.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\BhaiMDL2.2.52.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\BhaiMDL2.2.52.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Fonts\BhaiMDL2.2.52.ttf VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\SceneData.bin VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\EngineConfigId.bin VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_0.bin VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_1.bin VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_2.bin VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_3.bin VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_4.bin VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_5.bin VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_6.bin VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_7.bin VolumeInformation	Jump to behavior
Source: C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe	Queries volume information: C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_8.bin VolumeInformation	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	1 Process Injection	1 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 Registry Run Keys / Startup Folder	1 DLL Side-Loading	1 Rundll32	LSASS Memory	11 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 Registry Run Keys / Startup Folder	1 Process Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 DLL Side-Loading	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?17ef43f9ed42b031	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label	Link
https://login.windows.local	0%	URL Reputation	safe
http://ns.adobe.ho	0%	Avira URL Cloud	safe
http://ns.a.0(D	0%	Avira URL Cloud	safe
https://hubblecontent.osi.office-int.net	0%	Avira URL Cloud	safe
https://hubblecontent.osi.officeppe.netRESP	0%	Avira URL Cloud	safe
https://login.windows.local1003	0%	Avira URL Cloud	safe
http://ns.a.0	0%	Avira URL Cloud	safe
https://hubble-test.azurewebsites.net	0%	Avira URL Cloud	safe
https://hubble-int.azurewebsites.net	0%	Avira URL Cloud	safe
https://www.preview.r	0%	Avira URL Cloud	safe
https://hubblecontent.osi.office-int.net	0%	Virustotal		Browse
https://hubble-int.azurewebsites.net	0%	Virustotal		Browse
https://hubble-test.azurewebsites.net	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
www.google.com	172.253.62.103	true	false		high

Contacted URLs

Name	Malicious	Reputation
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=7&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmpTArGJW5lLAGIjBHd_AKJiXvmNxa7QOBoMc3TtwL5hSlYsTpvxIHp6hu5gHUnSeQnMynd2baB1bPi2UyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmpTArGJW5lLAGIjDEtMeSbdsKTFupmRE7XFYXeyEzxbWbjBGXBv4CRFSB_bWJLa0LrH3ZszpniEBwYgQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high
https://www.google.com/async/newtab_promos	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/async/ddljson?async=ntp:2	false	high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false	high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false	high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmpTArGJW5lLAGIjBi9PQhwvCu8xsidkRQK4-Wu-ijFbl2Tn-IJ6uGgADoaLseDc5qoXZTbhrRHGWYJIQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://aka.ms/paint3dhelp	PaintStudio.View.exe, 00000014.00000002.2063637961.0000021493525000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1981844287.000002148C800000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp, settings.dat.15.dr, settings.dat.LOG1.15.dr	false		high
http://ns.a.0(D	PaintStudio.View.exe, 00000014.00000002.2008287654.000002148D711000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://hubble.officeapps.live-int.com	PaintStudio.View.exe, 00000014.00000002.1941477317.0000021483807000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.remix3d.com	PaintStudio.View.exe, 0000000F.00000002.1681780653.000002188207A000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000002.1681574609.0000021882061000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1549169113.0000021886EE7000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2046158991.000002148E634000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2047305957.000002148E68B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1989967520.000002148CBBC000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://login.windows.local1003	PaintStudio.View.exe, 0000000F.00000002.1623706663.000002180681E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.preview.remix3d.com/	PaintStudio.View.exe, 0000000F.00000002.1643602496.000002187F5F3000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1549169113.0000021886EE7000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2046158991.000002148E634000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2047305957.000002148E68B000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.remix3d.com/_SSL	PaintStudio.View.exe, 0000000F.00000002.1681998812.000002188209B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1965287440.000002148AF34000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ns.adobe.ho	PaintStudio.View.exe, 0000000F.00000002.1661069213.0000021881114000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2008287654.000002148D711000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://json-schema.org/draft-04/schema	PaintStudio.View.exe, 00000014.00000002.1955493986.000002148AB46000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.remix3d.com/v3/creationse	PaintStudio.View.exe, 0000000F.00000002.1681026219.0000021881F7E000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2044751625.000002148E55D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.remix3d.com/blends/profile	PaintStudio.View.exe, 0000000F.00000002.1681780653.000002188207A000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000002.1647523963.0000021880113000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000002.1660253380.000002188108D000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1549169113.0000021886EE7000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2046158991.000002148E634000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2047305957.000002148E68B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2045631763.000002148E600000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.remix3d.com/	PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2045631763.000002148E600000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.preview.remix3d.com	PaintStudio.View.exe, 0000000F.00000002.1681780653.000002188207A000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000002.1643602496.000002187F5F3000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1549169113.0000021886EE7000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2046158991.000002148E634000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2047305957.000002148E68B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.preview.remix3d.com/details/	PaintStudio.View.exe, 0000000F.00000002.1681780653.000002188207A000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1549169113.0000021886EE7000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2046158991.000002148E634000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2047305957.000002148E68B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.remix3d.com/details/	PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://hubblecontent.osi.officeppe.netRESP	PaintStudio.View.exe, 00000014.00000002.1941477317.0000021483807000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.remix3d.com/	PaintStudio.View.exe, 0000000F.00000002.1681780653.000002188207A000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000002.1681998812.000002188209B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000002.1676704850.0000021881D5D000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1549169113.0000021886EE7000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2046158991.000002148E634000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2047305957.000002148E68B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2045631763.000002148E600000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1965287440.000002148AF34000.00000004.00000020.00020000.00000000.sdmp	false		high
https://login.windows.local	PaintStudio.View.exe, 00000014.00000002.1957656890.000002148ABD0000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://hubblecontent.osi.office-int.net	PaintStudio.View.exe, 00000014.00000002.1941477317.0000021483807000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://api.remix3d.com/v3/creations/	PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://api.remix3d.com/v3/creations	PaintStudio.View.exe, 00000014.00000002.2009517742.000002148D79D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.preview.remix3d.com/blends/profile	PaintStudio.View.exe, 0000000F.00000002.1643602496.000002187F5F3000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 0000000F.00000003.1549169113.0000021886EE7000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2046158991.000002148E634000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.2047305957.000002148E68B000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1947021882.00000214839E3000.00000004.00000020.00020000.00000000.sdmp	false		high
http://ns.a.0	PaintStudio.View.exe, 0000000F.00000002.1661069213.0000021881114000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://aka.ms/paint3dhelpHD	PaintStudio.View.exe, 00000014.00000002.2038618715.000002148E38C000.00000004.00000020.00020000.00000000.sdmp	false		high
https://hubble-int.azurewebsites.net	PaintStudio.View.exe, 00000014.00000002.1941477317.0000021483807000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://hubble-test.azurewebsites.net	PaintStudio.View.exe, 00000014.00000002.1941477317.0000021483807000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.preview.r	PaintStudio.View.exe, 0000000F.00000002.1643602496.000002187F5F3000.00000004.00000020.00020000.00000000.sdmp, PaintStudio.View.exe, 00000014.00000002.1947021882.00000214839E3000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.253.122.105	unknown	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.253.62.103	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.16

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1416889
Start date and time:	2024-03-28 08:28:31 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 52s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?17ef43f9ed42b031
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	23
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	CLEAN
Classification:	clean1.win@20/54@4/4
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, RuntimeBroker.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 72.21.81.240, 172.253.115.94, 172.253.62.101, 172.253.62.100, 172.253.62.113, 172.253.62.139, 172.253.62.138, 172.253.62.102, 172.253.115.84, 34.104.35.123, 52.167.17.97, 13.107.5.88, 142.250.31.94, 20.44.239.154, 40.119.249.228
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, settings-prod-sea-2.southeastasia.cloudapp.azure.com, clientservices.googleapis.com, settings-prod-sea-1.southeastasia.cloudapp.azure.com, e-0009.e-msedge.net, wu.azureedge.net, clients2.google.com, atm-settingsfe-prod-geo2.trafficmanager.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, update.googleapis.com, settings-prod-eus2-2.eastus2.cloudapp.azure.com, evoke-windowsservices-tas-msedge-net.e-0009.e-msedge.net, clients1.google.com, fs.microsoft.com, accounts.google.com, wu.ec.azureedge.net, ctldl.windowsupdate.com, settings-win.data.microsoft.com, wu-bg-shim.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net, edgedl.me.gvt1.com, evoke-windowsservices-tas.msedge.net, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	1551
Entropy (8bit):	5.347198024752303
Encrypted:	false
SSDEEP:	48:YgaFFJMrH10QlF30JTUFEvqAar81q1uErSP:qFrMrBF3yIFEv/qYErSP
MD5:	7857ACE6765109E4D6CEB122317BCF8C
SHA1:	925196F7A736500088ACD3CD86EAE635617D50DF
SHA-256:	D519CF77E6C92AF6DF5208C85FCB237A5C3A9EA0CB605309E3833D0F965A96E0
SHA-512:	85897061DB94563666A1F7CD3BCC069978C8B19DED9E2535DBC6971F292B3DE232D3237BD40B19563F5593A473FB7FEB29535A6065A10D839F9377898023D564
Malicious:	false
Reputation:	low
Preview:	{"Features":["highqualitycapturec","aates121cf","empro702","j0c1f122","b37c6811","524ea403","i47be178","h51f0342","hde1g267","4jjfb768","6afgb651","50c79106","45hig449","abi0g817","dif22219"],"Flights":{"mixedrealityviewer1":"highqualitycapturec","14g6":"aates121cf","1hje":"empro702","4d2a":"j0c1f122","509d":"b37c6811","50oh":"524ea403","5dw7":"i47be178","5fl2":"h51f0342","5fyo":"hde1g267","5fyq":"4jjfb768","5g1s":"6afgb651","5g2d":"50c79106","5nag":"45hig449","5uku":"abi0g817","5vph":"dif22219"},"Configs":[{"Id":"EMMX","Parameters":{"Prompt-Ruby-To-Anaheim-Rollout":true}},{"Id":"Evoke","Parameters":{"ClipChampPromo-ButtonAlternateText-IsEnabled":false,"ClipChampPromo-Download-IsMini":1,"ClipChampPromo_TeachingMomentAlternateText_IsEnabled":true,"EditHVC-GenerativeErase-IsEnabled":true,"LocationSearch-IsEnabled":true,"LocationSearch_IsEnabled":true,"OneDrive-NotSignedIn-AlternativeText-Value-Int":1,"OneDriveOnlineSearch-IndexWarming-IsEnabled":true,"OneDriveOnlineSearch-IsEnabled":true

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json (copy)

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	479
Entropy (8bit):	5.191293422150633
Encrypted:	false
SSDEEP:	12:6xFA+TYKAun+lcRJpgj1fdLsL3UIQlSAun+lNJRJpgj1fdLs6:YAIAunyUSNdgjREVuny/SNdg6
MD5:	C5E2A34D163E1DE2A28FA793BD429E3A
SHA1:	8BCAB5C65B390AB0FF70423F8146D6F978979038
SHA-256:	E3F9B0493370F2E1F123ED305E7B22546DA97264A2DD51628F4AAD7C575C9AB1
SHA-512:	00E87947DB2550328479CF8F905DEE10CB966F6B7D7FD46F90CE23A24E7EF9EFEF5914442700294D7B89071F8BA5124F507DC20D08A6DB351E880D3062C9FC48
Malicious:	false
Reputation:	low
Preview:	[{"Id":"{cddbb9a7-50bd-4244-9c46-8f6193881ba6}","SourceId":"","Name":"Untitled","URI":"","DateTime":1.3356088551281837E+17,"Path":"Projects\\WorkingFolder (2)","SourceFilePath":"","Version":0.21,"IsRecovered":false,"IsPreviouslySaved":false},{"Id":"{475b52ab-cbfe-4b93-9d73-aeb6fe5fe3e8}","SourceId":"","Name":"Untitled","URI":"","DateTime":1.3356088523994398E+17,"Path":"Projects\\WorkingFolder","SourceFilePath":"","Version":0.21,"IsRecovered":false,"IsPreviouslySaved":false}]

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json.~tmp

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	479
Entropy (8bit):	5.191293422150633
Encrypted:	false
SSDEEP:	12:6xFA+TYKAun+lcRJpgj1fdLsL3UIQlSAun+lNJRJpgj1fdLs6:YAIAunyUSNdgjREVuny/SNdg6
MD5:	C5E2A34D163E1DE2A28FA793BD429E3A
SHA1:	8BCAB5C65B390AB0FF70423F8146D6F978979038
SHA-256:	E3F9B0493370F2E1F123ED305E7B22546DA97264A2DD51628F4AAD7C575C9AB1
SHA-512:	00E87947DB2550328479CF8F905DEE10CB966F6B7D7FD46F90CE23A24E7EF9EFEF5914442700294D7B89071F8BA5124F507DC20D08A6DB351E880D3062C9FC48
Malicious:	false
Reputation:	low
Preview:	[{"Id":"{cddbb9a7-50bd-4244-9c46-8f6193881ba6}","SourceId":"","Name":"Untitled","URI":"","DateTime":1.3356088551281837E+17,"Path":"Projects\\WorkingFolder (2)","SourceFilePath":"","Version":0.21,"IsRecovered":false,"IsPreviouslySaved":false},{"Id":"{475b52ab-cbfe-4b93-9d73-aeb6fe5fe3e8}","SourceId":"","Name":"Untitled","URI":"","DateTime":1.3356088523994398E+17,"Path":"Projects\\WorkingFolder","SourceFilePath":"","Version":0.21,"IsRecovered":false,"IsPreviouslySaved":false}]

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json~RF3e84b3.TMP (copy)

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	479
Entropy (8bit):	5.191293422150633
Encrypted:	false
SSDEEP:	12:6xFA+TYKAun+lcRJpgj1fdLsL3UIQlSAun+lNJRJpgj1fdLs6:YAIAunyUSNdgjREVuny/SNdg6
MD5:	C5E2A34D163E1DE2A28FA793BD429E3A
SHA1:	8BCAB5C65B390AB0FF70423F8146D6F978979038
SHA-256:	E3F9B0493370F2E1F123ED305E7B22546DA97264A2DD51628F4AAD7C575C9AB1
SHA-512:	00E87947DB2550328479CF8F905DEE10CB966F6B7D7FD46F90CE23A24E7EF9EFEF5914442700294D7B89071F8BA5124F507DC20D08A6DB351E880D3062C9FC48
Malicious:	false
Reputation:	low
Preview:	[{"Id":"{cddbb9a7-50bd-4244-9c46-8f6193881ba6}","SourceId":"","Name":"Untitled","URI":"","DateTime":1.3356088551281837E+17,"Path":"Projects\\WorkingFolder (2)","SourceFilePath":"","Version":0.21,"IsRecovered":false,"IsPreviouslySaved":false},{"Id":"{475b52ab-cbfe-4b93-9d73-aeb6fe5fe3e8}","SourceId":"","Name":"Untitled","URI":"","DateTime":1.3356088523994398E+17,"Path":"Projects\\WorkingFolder","SourceFilePath":"","Version":0.21,"IsRecovered":false,"IsPreviouslySaved":false}]

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json~RF3e9378.TMP (copy)

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	479
Entropy (8bit):	5.191293422150633
Encrypted:	false
SSDEEP:	12:6xFA+TYKAun+lcRJpgj1fdLsL3UIQlSAun+lNJRJpgj1fdLs6:YAIAunyUSNdgjREVuny/SNdg6
MD5:	C5E2A34D163E1DE2A28FA793BD429E3A
SHA1:	8BCAB5C65B390AB0FF70423F8146D6F978979038
SHA-256:	E3F9B0493370F2E1F123ED305E7B22546DA97264A2DD51628F4AAD7C575C9AB1
SHA-512:	00E87947DB2550328479CF8F905DEE10CB966F6B7D7FD46F90CE23A24E7EF9EFEF5914442700294D7B89071F8BA5124F507DC20D08A6DB351E880D3062C9FC48
Malicious:	false
Reputation:	low
Preview:	[{"Id":"{cddbb9a7-50bd-4244-9c46-8f6193881ba6}","SourceId":"","Name":"Untitled","URI":"","DateTime":1.3356088551281837E+17,"Path":"Projects\\WorkingFolder (2)","SourceFilePath":"","Version":0.21,"IsRecovered":false,"IsPreviouslySaved":false},{"Id":"{475b52ab-cbfe-4b93-9d73-aeb6fe5fe3e8}","SourceId":"","Name":"Untitled","URI":"","DateTime":1.3356088523994398E+17,"Path":"Projects\\WorkingFolder","SourceFilePath":"","Version":0.21,"IsRecovered":false,"IsPreviouslySaved":false}]

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json~RF3e9397.TMP (copy)

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	479
Entropy (8bit):	5.191293422150633
Encrypted:	false
SSDEEP:	12:6xFA+TYKAun+lcRJpgj1fdLsL3UIQlSAun+lNJRJpgj1fdLs6:YAIAunyUSNdgjREVuny/SNdg6
MD5:	C5E2A34D163E1DE2A28FA793BD429E3A
SHA1:	8BCAB5C65B390AB0FF70423F8146D6F978979038
SHA-256:	E3F9B0493370F2E1F123ED305E7B22546DA97264A2DD51628F4AAD7C575C9AB1
SHA-512:	00E87947DB2550328479CF8F905DEE10CB966F6B7D7FD46F90CE23A24E7EF9EFEF5914442700294D7B89071F8BA5124F507DC20D08A6DB351E880D3062C9FC48
Malicious:	false
Reputation:	low
Preview:	[{"Id":"{cddbb9a7-50bd-4244-9c46-8f6193881ba6}","SourceId":"","Name":"Untitled","URI":"","DateTime":1.3356088551281837E+17,"Path":"Projects\\WorkingFolder (2)","SourceFilePath":"","Version":0.21,"IsRecovered":false,"IsPreviouslySaved":false},{"Id":"{475b52ab-cbfe-4b93-9d73-aeb6fe5fe3e8}","SourceId":"","Name":"Untitled","URI":"","DateTime":1.3356088523994398E+17,"Path":"Projects\\WorkingFolder","SourceFilePath":"","Version":0.21,"IsRecovered":false,"IsPreviouslySaved":false}]

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json~RF3eec46.TMP (copy)

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	479
Entropy (8bit):	5.191293422150633
Encrypted:	false
SSDEEP:	12:6xFA+TYKAun+lcRJpgj1fdLsL3UIQlSAun+lNJRJpgj1fdLs6:YAIAunyUSNdgjREVuny/SNdg6
MD5:	C5E2A34D163E1DE2A28FA793BD429E3A
SHA1:	8BCAB5C65B390AB0FF70423F8146D6F978979038
SHA-256:	E3F9B0493370F2E1F123ED305E7B22546DA97264A2DD51628F4AAD7C575C9AB1
SHA-512:	00E87947DB2550328479CF8F905DEE10CB966F6B7D7FD46F90CE23A24E7EF9EFEF5914442700294D7B89071F8BA5124F507DC20D08A6DB351E880D3062C9FC48
Malicious:	false
Reputation:	low
Preview:	[{"Id":"{cddbb9a7-50bd-4244-9c46-8f6193881ba6}","SourceId":"","Name":"Untitled","URI":"","DateTime":1.3356088551281837E+17,"Path":"Projects\\WorkingFolder (2)","SourceFilePath":"","Version":0.21,"IsRecovered":false,"IsPreviouslySaved":false},{"Id":"{475b52ab-cbfe-4b93-9d73-aeb6fe5fe3e8}","SourceId":"","Name":"Untitled","URI":"","DateTime":1.3356088523994398E+17,"Path":"Projects\\WorkingFolder","SourceFilePath":"","Version":0.21,"IsRecovered":false,"IsPreviouslySaved":false}]

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json~RF3efca2.TMP (copy)

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	479
Entropy (8bit):	5.191293422150633
Encrypted:	false
SSDEEP:	12:6xFA+TYKAun+lcRJpgj1fdLsL3UIQlSAun+lNJRJpgj1fdLs6:YAIAunyUSNdgjREVuny/SNdg6
MD5:	C5E2A34D163E1DE2A28FA793BD429E3A
SHA1:	8BCAB5C65B390AB0FF70423F8146D6F978979038
SHA-256:	E3F9B0493370F2E1F123ED305E7B22546DA97264A2DD51628F4AAD7C575C9AB1
SHA-512:	00E87947DB2550328479CF8F905DEE10CB966F6B7D7FD46F90CE23A24E7EF9EFEF5914442700294D7B89071F8BA5124F507DC20D08A6DB351E880D3062C9FC48
Malicious:	false
Reputation:	low
Preview:	[{"Id":"{cddbb9a7-50bd-4244-9c46-8f6193881ba6}","SourceId":"","Name":"Untitled","URI":"","DateTime":1.3356088551281837E+17,"Path":"Projects\\WorkingFolder (2)","SourceFilePath":"","Version":0.21,"IsRecovered":false,"IsPreviouslySaved":false},{"Id":"{475b52ab-cbfe-4b93-9d73-aeb6fe5fe3e8}","SourceId":"","Name":"Untitled","URI":"","DateTime":1.3356088523994398E+17,"Path":"Projects\\WorkingFolder","SourceFilePath":"","Version":0.21,"IsRecovered":false,"IsPreviouslySaved":false}]

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json~RF3f100b.TMP (copy)

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	479
Entropy (8bit):	5.191293422150633
Encrypted:	false
SSDEEP:	12:6xFA+TYKAun+lcRJpgj1fdLsL3UIQlSAun+lNJRJpgj1fdLs6:YAIAunyUSNdgjREVuny/SNdg6
MD5:	C5E2A34D163E1DE2A28FA793BD429E3A
SHA1:	8BCAB5C65B390AB0FF70423F8146D6F978979038
SHA-256:	E3F9B0493370F2E1F123ED305E7B22546DA97264A2DD51628F4AAD7C575C9AB1
SHA-512:	00E87947DB2550328479CF8F905DEE10CB966F6B7D7FD46F90CE23A24E7EF9EFEF5914442700294D7B89071F8BA5124F507DC20D08A6DB351E880D3062C9FC48
Malicious:	false
Reputation:	low
Preview:	[{"Id":"{cddbb9a7-50bd-4244-9c46-8f6193881ba6}","SourceId":"","Name":"Untitled","URI":"","DateTime":1.3356088551281837E+17,"Path":"Projects\\WorkingFolder (2)","SourceFilePath":"","Version":0.21,"IsRecovered":false,"IsPreviouslySaved":false},{"Id":"{475b52ab-cbfe-4b93-9d73-aeb6fe5fe3e8}","SourceId":"","Name":"Untitled","URI":"","DateTime":1.3356088523994398E+17,"Path":"Projects\\WorkingFolder","SourceFilePath":"","Version":0.21,"IsRecovered":false,"IsPreviouslySaved":false}]

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json~RF3f102a.TMP (copy)

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	479
Entropy (8bit):	5.191293422150633
Encrypted:	false
SSDEEP:	12:6xFA+TYKAun+lcRJpgj1fdLsL3UIQlSAun+lNJRJpgj1fdLs6:YAIAunyUSNdgjREVuny/SNdg6
MD5:	C5E2A34D163E1DE2A28FA793BD429E3A
SHA1:	8BCAB5C65B390AB0FF70423F8146D6F978979038
SHA-256:	E3F9B0493370F2E1F123ED305E7B22546DA97264A2DD51628F4AAD7C575C9AB1
SHA-512:	00E87947DB2550328479CF8F905DEE10CB966F6B7D7FD46F90CE23A24E7EF9EFEF5914442700294D7B89071F8BA5124F507DC20D08A6DB351E880D3062C9FC48
Malicious:	false
Reputation:	low
Preview:	[{"Id":"{cddbb9a7-50bd-4244-9c46-8f6193881ba6}","SourceId":"","Name":"Untitled","URI":"","DateTime":1.3356088551281837E+17,"Path":"Projects\\WorkingFolder (2)","SourceFilePath":"","Version":0.21,"IsRecovered":false,"IsPreviouslySaved":false},{"Id":"{475b52ab-cbfe-4b93-9d73-aeb6fe5fe3e8}","SourceId":"","Name":"Untitled","URI":"","DateTime":1.3356088523994398E+17,"Path":"Projects\\WorkingFolder","SourceFilePath":"","Version":0.21,"IsRecovered":false,"IsPreviouslySaved":false}]

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_0.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	387
Entropy (8bit):	2.011191789450306
Encrypted:	false
SSDEEP:	3:vlll/Takhionv//thPktkljR3MLts7CX9/yiWkPFQiVlt0WUdp:vtFbv/lhPktkjMR/0iWkPFQiPxcp
MD5:	6C7671DB64DD3AB15898DE495B3356D1
SHA1:	E17461D4D7678730A97BB34B8495C2A48AFB54A4
SHA-256:	04879008E8E65A1F5509F8FE750E782AF4BF43282B786E5EE2BDDD27B38AE6CC
SHA-512:	4F2B064DB0829F3376BE0B5382BD0D6CDD4023E10CFCAC0DF5EFDCAD4B66F0815DC91F0CD7B8A2C0C1EA2774FA6F24218F9F520CB9A0791077CF74195B0FB9C3
Malicious:	false
Reputation:	low
Preview:	............4.......k....PNG........IHDR.............\r.f....sRGB.........gAMA......a.....IDATx^..1......O.k. ..............................................................................................................................................................................................................................................................N..<....z9....IEND.B`.

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_1.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	387
Entropy (8bit):	2.011191789450306
Encrypted:	false
SSDEEP:	3:vlll/Takhionv//thPktkljR3MLts7CX9/yiWkPFQiVlt0WUdp:vtFbv/lhPktkjMR/0iWkPFQiPxcp
MD5:	6C7671DB64DD3AB15898DE495B3356D1
SHA1:	E17461D4D7678730A97BB34B8495C2A48AFB54A4
SHA-256:	04879008E8E65A1F5509F8FE750E782AF4BF43282B786E5EE2BDDD27B38AE6CC
SHA-512:	4F2B064DB0829F3376BE0B5382BD0D6CDD4023E10CFCAC0DF5EFDCAD4B66F0815DC91F0CD7B8A2C0C1EA2774FA6F24218F9F520CB9A0791077CF74195B0FB9C3
Malicious:	false
Reputation:	low
Preview:	............4.......k....PNG........IHDR.............\r.f....sRGB.........gAMA......a.....IDATx^..1......O.k. ..............................................................................................................................................................................................................................................................N..<....z9....IEND.B`.

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_2.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	316
Entropy (8bit):	2.3975185371704604
Encrypted:	false
SSDEEP:	3:vlll/TjlS2onv//thPllstRsLts7CX9/qhkPFQAa/lclbp:vt/8vv/lhPkYR/KkPFQAqWp
MD5:	DCB6E142AD9793C9FBDFE035E9C25705
SHA1:	15C3F904B8DF4AB50338D472B7CFE1D719505161
SHA-256:	1CFBD4BED6424FE2C6CD694950FDF3D1A5A984A7736B018604ADAD6933079374
SHA-512:	F7731A9CCDC53A0A4CDDDC46995D190F6835B4F1EDB4096F8D013AC2E75EAC71D6A6EDF109263454ED52626413CAD50F2018DC2B8A3BB3428BABAD8F27B7F102
Malicious:	false
Reputation:	low
Preview:	............4.......$....PNG........IHDR...............k....sRGB.........gAMA......a.....IDATx^..1......Om.O ...............................................................................................................................................................................................U....IEND.B`.

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_3.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	387
Entropy (8bit):	2.011191789450306
Encrypted:	false
SSDEEP:	3:vlll/Takhionv//thPktkljR3MLts7CX9/yiWkPFQiVlt0WUdp:vtFbv/lhPktkjMR/0iWkPFQiPxcp
MD5:	6C7671DB64DD3AB15898DE495B3356D1
SHA1:	E17461D4D7678730A97BB34B8495C2A48AFB54A4
SHA-256:	04879008E8E65A1F5509F8FE750E782AF4BF43282B786E5EE2BDDD27B38AE6CC
SHA-512:	4F2B064DB0829F3376BE0B5382BD0D6CDD4023E10CFCAC0DF5EFDCAD4B66F0815DC91F0CD7B8A2C0C1EA2774FA6F24218F9F520CB9A0791077CF74195B0FB9C3
Malicious:	false
Reputation:	low
Preview:	............4.......k....PNG........IHDR.............\r.f....sRGB.........gAMA......a.....IDATx^..1......O.k. ..............................................................................................................................................................................................................................................................N..<....z9....IEND.B`.

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_4.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	387
Entropy (8bit):	2.011191789450306
Encrypted:	false
SSDEEP:	3:vlll/Takhionv//thPktkljR3MLts7CX9/yiWkPFQiVlt0WUdp:vtFbv/lhPktkjMR/0iWkPFQiPxcp
MD5:	6C7671DB64DD3AB15898DE495B3356D1
SHA1:	E17461D4D7678730A97BB34B8495C2A48AFB54A4
SHA-256:	04879008E8E65A1F5509F8FE750E782AF4BF43282B786E5EE2BDDD27B38AE6CC
SHA-512:	4F2B064DB0829F3376BE0B5382BD0D6CDD4023E10CFCAC0DF5EFDCAD4B66F0815DC91F0CD7B8A2C0C1EA2774FA6F24218F9F520CB9A0791077CF74195B0FB9C3
Malicious:	false
Reputation:	low
Preview:	............4.......k....PNG........IHDR.............\r.f....sRGB.........gAMA......a.....IDATx^..1......O.k. ..............................................................................................................................................................................................................................................................N..<....z9....IEND.B`.

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_5.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	316
Entropy (8bit):	2.3975185371704604
Encrypted:	false
SSDEEP:	3:vlll/TjlS2onv//thPllstRsLts7CX9/qhkPFQAa/lclbp:vt/8vv/lhPkYR/KkPFQAqWp
MD5:	DCB6E142AD9793C9FBDFE035E9C25705
SHA1:	15C3F904B8DF4AB50338D472B7CFE1D719505161
SHA-256:	1CFBD4BED6424FE2C6CD694950FDF3D1A5A984A7736B018604ADAD6933079374
SHA-512:	F7731A9CCDC53A0A4CDDDC46995D190F6835B4F1EDB4096F8D013AC2E75EAC71D6A6EDF109263454ED52626413CAD50F2018DC2B8A3BB3428BABAD8F27B7F102
Malicious:	false
Reputation:	low
Preview:	............4.......$....PNG........IHDR...............k....sRGB.........gAMA......a.....IDATx^..1......Om.O ...............................................................................................................................................................................................U....IEND.B`.

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_6.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	185
Entropy (8bit):	3.65251379617563
Encrypted:	false
SSDEEP:	3:vlll/Tp/xonv//thPktlRiQlsLts7CX9/VyxWkPFQE+l//mQdp:vtd/6v/lhPktLiwsR/7hkPFQE+tuYp
MD5:	815DAF11D673DA23E2041131BEF163BD
SHA1:	7992EB20A838B20A4A4FD9E13AA487CFBCBB3F03
SHA-256:	283C098BCB06AC393DA46675C4ED8A05C1F434F63F3B921B91F5E891306DDF66
SHA-512:	590246F01E07C236A785003D8CB291BEDB3C58810286622D20E1B5210B334097E710B5B45F3C0AFB0DC6BDBD5FFDA7FE5C6C4B2C12B2362E35FFB6972A2204DA
Malicious:	false
Reputation:	low
Preview:	............4............PNG........IHDR.......4.....e..i....sRGB.........gAMA......a....KIDATx^..1......Om.. ....................................................T..4...KJ....IEND.B`.

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_7.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	185
Entropy (8bit):	3.65251379617563
Encrypted:	false
SSDEEP:	3:vlll/Tp/xonv//thPktlRiQlsLts7CX9/VyxWkPFQE+l//mQdp:vtd/6v/lhPktLiwsR/7hkPFQE+tuYp
MD5:	815DAF11D673DA23E2041131BEF163BD
SHA1:	7992EB20A838B20A4A4FD9E13AA487CFBCBB3F03
SHA-256:	283C098BCB06AC393DA46675C4ED8A05C1F434F63F3B921B91F5E891306DDF66
SHA-512:	590246F01E07C236A785003D8CB291BEDB3C58810286622D20E1B5210B334097E710B5B45F3C0AFB0DC6BDBD5FFDA7FE5C6C4B2C12B2362E35FFB6972A2204DA
Malicious:	false
Reputation:	low
Preview:	............4............PNG........IHDR.......4.....e..i....sRGB.........gAMA......a....KIDATx^..1......Om.. ....................................................T..4...KJ....IEND.B`.

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_8.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	170
Entropy (8bit):	3.922161721465097
Encrypted:	false
SSDEEP:	3:vlll/Tg/yionv//thPllLt/fMLts7CX9/UuIkPFQE+l//o46lB1p:vtXv/lhPp/fMR/aHkPFQE+tVKp
MD5:	D3697815EAA30DD421EA0F13D3342F44
SHA1:	4BCB2485D16732AE7F174617FD44F256FEFCF85C
SHA-256:	82A53CEE6E2275A3E32ADF92A9FE00C9E2D16F948E5536EE00372A8A19D31D06
SHA-512:	F87E0A816E00E3871014ECB1FB4A0752F7AE16854B4A3FE313F44F2EAA83E366A8553633CAC3B98AF556E2A56F862EE4865D5A66BBCF9E146357ED251F104DAF
Malicious:	false
Reputation:	low
Preview:	............4............PNG........IHDR.......4.....9A.d....sRGB.........gAMA......a....<IDATx^..1......Om.. ......................................5............IEND.B`.

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\EngineConfigId.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	88
Entropy (8bit):	2.9160161239667026
Encrypted:	false
SSDEEP:	3:vlllhelqbSiFqhzIGCSOdTh6:vtIlViFXG/OdTh6
MD5:	2CB0D4339341E6189CD737B364CDCD82
SHA1:	52CB91F3D2F92C50D60630507182BB442F4AD6BD
SHA-256:	54332C4C577158182D35F4C8DCF1ACA73FF880B053F03B8E6E85E2BAB8C40938
SHA-512:	282D0047DB4C0B8A4BFF0935F8308CBDBC83DBE4AAF5CF77D193A697D77E4AD8EBE7D157FF89CFA65F6BCF445CE421E29D245082B2783E5DF8CA9000C2E97002
Malicious:	false
Reputation:	low
Preview:	........&...{.A.9.2.A.5.9.C.6.-.7.2.7.8.-.4.6.D.D.-.9.9.F.2.-.1.C.7.B.F.7.1.E.1.1.5.B.}.

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\SceneData.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	22
Entropy (8bit):	1.7295290545023008
Encrypted:	false
SSDEEP:	3:vlll8/BG:vtmQ
MD5:	BF81BF0E729C39E718AC306CF07DD8C4
SHA1:	95348A05A5F0812D1FAD98C83500353FE63811C0
SHA-256:	50CFF32314082BF07E6652571B6F5B41ADD3A2EA70B665A15E63C606171C83D5
SHA-512:	5D02FE143020E0D8FDA6BEE43895AE83300D9609C05ED090D4BBE25F9CCF740C8B17E2DE9ACF837C9347C1BBB8C642E2A287CA49102E59E6D4B931827CB81DE4
Malicious:	false
Reputation:	low
Preview:	..............4.......

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_0.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	387
Entropy (8bit):	2.011191789450306
Encrypted:	false
SSDEEP:	3:vlll/Takhionv//thPktkljR3MLts7CX9/yiWkPFQiVlt0WUdp:vtFbv/lhPktkjMR/0iWkPFQiPxcp
MD5:	6C7671DB64DD3AB15898DE495B3356D1
SHA1:	E17461D4D7678730A97BB34B8495C2A48AFB54A4
SHA-256:	04879008E8E65A1F5509F8FE750E782AF4BF43282B786E5EE2BDDD27B38AE6CC
SHA-512:	4F2B064DB0829F3376BE0B5382BD0D6CDD4023E10CFCAC0DF5EFDCAD4B66F0815DC91F0CD7B8A2C0C1EA2774FA6F24218F9F520CB9A0791077CF74195B0FB9C3
Malicious:	false
Reputation:	low
Preview:	............4.......k....PNG........IHDR.............\r.f....sRGB.........gAMA......a.....IDATx^..1......O.k. ..............................................................................................................................................................................................................................................................N..<....z9....IEND.B`.

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_1.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	387
Entropy (8bit):	2.011191789450306
Encrypted:	false
SSDEEP:	3:vlll/Takhionv//thPktkljR3MLts7CX9/yiWkPFQiVlt0WUdp:vtFbv/lhPktkjMR/0iWkPFQiPxcp
MD5:	6C7671DB64DD3AB15898DE495B3356D1
SHA1:	E17461D4D7678730A97BB34B8495C2A48AFB54A4
SHA-256:	04879008E8E65A1F5509F8FE750E782AF4BF43282B786E5EE2BDDD27B38AE6CC
SHA-512:	4F2B064DB0829F3376BE0B5382BD0D6CDD4023E10CFCAC0DF5EFDCAD4B66F0815DC91F0CD7B8A2C0C1EA2774FA6F24218F9F520CB9A0791077CF74195B0FB9C3
Malicious:	false
Reputation:	low
Preview:	............4.......k....PNG........IHDR.............\r.f....sRGB.........gAMA......a.....IDATx^..1......O.k. ..............................................................................................................................................................................................................................................................N..<....z9....IEND.B`.

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_2.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	316
Entropy (8bit):	2.3975185371704604
Encrypted:	false
SSDEEP:	3:vlll/TjlS2onv//thPllstRsLts7CX9/qhkPFQAa/lclbp:vt/8vv/lhPkYR/KkPFQAqWp
MD5:	DCB6E142AD9793C9FBDFE035E9C25705
SHA1:	15C3F904B8DF4AB50338D472B7CFE1D719505161
SHA-256:	1CFBD4BED6424FE2C6CD694950FDF3D1A5A984A7736B018604ADAD6933079374
SHA-512:	F7731A9CCDC53A0A4CDDDC46995D190F6835B4F1EDB4096F8D013AC2E75EAC71D6A6EDF109263454ED52626413CAD50F2018DC2B8A3BB3428BABAD8F27B7F102
Malicious:	false
Reputation:	low
Preview:	............4.......$....PNG........IHDR...............k....sRGB.........gAMA......a.....IDATx^..1......Om.O ...............................................................................................................................................................................................U....IEND.B`.

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_3.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	387
Entropy (8bit):	2.011191789450306
Encrypted:	false
SSDEEP:	3:vlll/Takhionv//thPktkljR3MLts7CX9/yiWkPFQiVlt0WUdp:vtFbv/lhPktkjMR/0iWkPFQiPxcp
MD5:	6C7671DB64DD3AB15898DE495B3356D1
SHA1:	E17461D4D7678730A97BB34B8495C2A48AFB54A4
SHA-256:	04879008E8E65A1F5509F8FE750E782AF4BF43282B786E5EE2BDDD27B38AE6CC
SHA-512:	4F2B064DB0829F3376BE0B5382BD0D6CDD4023E10CFCAC0DF5EFDCAD4B66F0815DC91F0CD7B8A2C0C1EA2774FA6F24218F9F520CB9A0791077CF74195B0FB9C3
Malicious:	false
Reputation:	low
Preview:	............4.......k....PNG........IHDR.............\r.f....sRGB.........gAMA......a.....IDATx^..1......O.k. ..............................................................................................................................................................................................................................................................N..<....z9....IEND.B`.

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_4.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	387
Entropy (8bit):	2.011191789450306
Encrypted:	false
SSDEEP:	3:vlll/Takhionv//thPktkljR3MLts7CX9/yiWkPFQiVlt0WUdp:vtFbv/lhPktkjMR/0iWkPFQiPxcp
MD5:	6C7671DB64DD3AB15898DE495B3356D1
SHA1:	E17461D4D7678730A97BB34B8495C2A48AFB54A4
SHA-256:	04879008E8E65A1F5509F8FE750E782AF4BF43282B786E5EE2BDDD27B38AE6CC
SHA-512:	4F2B064DB0829F3376BE0B5382BD0D6CDD4023E10CFCAC0DF5EFDCAD4B66F0815DC91F0CD7B8A2C0C1EA2774FA6F24218F9F520CB9A0791077CF74195B0FB9C3
Malicious:	false
Reputation:	low
Preview:	............4.......k....PNG........IHDR.............\r.f....sRGB.........gAMA......a.....IDATx^..1......O.k. ..............................................................................................................................................................................................................................................................N..<....z9....IEND.B`.

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_5.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	316
Entropy (8bit):	2.3975185371704604
Encrypted:	false
SSDEEP:	3:vlll/TjlS2onv//thPllstRsLts7CX9/qhkPFQAa/lclbp:vt/8vv/lhPkYR/KkPFQAqWp
MD5:	DCB6E142AD9793C9FBDFE035E9C25705
SHA1:	15C3F904B8DF4AB50338D472B7CFE1D719505161
SHA-256:	1CFBD4BED6424FE2C6CD694950FDF3D1A5A984A7736B018604ADAD6933079374
SHA-512:	F7731A9CCDC53A0A4CDDDC46995D190F6835B4F1EDB4096F8D013AC2E75EAC71D6A6EDF109263454ED52626413CAD50F2018DC2B8A3BB3428BABAD8F27B7F102
Malicious:	false
Reputation:	low
Preview:	............4.......$....PNG........IHDR...............k....sRGB.........gAMA......a.....IDATx^..1......Om.O ...............................................................................................................................................................................................U....IEND.B`.

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_6.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	185
Entropy (8bit):	3.65251379617563
Encrypted:	false
SSDEEP:	3:vlll/Tp/xonv//thPktlRiQlsLts7CX9/VyxWkPFQE+l//mQdp:vtd/6v/lhPktLiwsR/7hkPFQE+tuYp
MD5:	815DAF11D673DA23E2041131BEF163BD
SHA1:	7992EB20A838B20A4A4FD9E13AA487CFBCBB3F03
SHA-256:	283C098BCB06AC393DA46675C4ED8A05C1F434F63F3B921B91F5E891306DDF66
SHA-512:	590246F01E07C236A785003D8CB291BEDB3C58810286622D20E1B5210B334097E710B5B45F3C0AFB0DC6BDBD5FFDA7FE5C6C4B2C12B2362E35FFB6972A2204DA
Malicious:	false
Reputation:	low
Preview:	............4............PNG........IHDR.......4.....e..i....sRGB.........gAMA......a....KIDATx^..1......Om.. ....................................................T..4...KJ....IEND.B`.

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_7.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	185
Entropy (8bit):	3.65251379617563
Encrypted:	false
SSDEEP:	3:vlll/Tp/xonv//thPktlRiQlsLts7CX9/VyxWkPFQE+l//mQdp:vtd/6v/lhPktLiwsR/7hkPFQE+tuYp
MD5:	815DAF11D673DA23E2041131BEF163BD
SHA1:	7992EB20A838B20A4A4FD9E13AA487CFBCBB3F03
SHA-256:	283C098BCB06AC393DA46675C4ED8A05C1F434F63F3B921B91F5E891306DDF66
SHA-512:	590246F01E07C236A785003D8CB291BEDB3C58810286622D20E1B5210B334097E710B5B45F3C0AFB0DC6BDBD5FFDA7FE5C6C4B2C12B2362E35FFB6972A2204DA
Malicious:	false
Reputation:	low
Preview:	............4............PNG........IHDR.......4.....e..i....sRGB.........gAMA......a....KIDATx^..1......Om.. ....................................................T..4...KJ....IEND.B`.

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_8.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	170
Entropy (8bit):	3.922161721465097
Encrypted:	false
SSDEEP:	3:vlll/Tg/yionv//thPllLt/fMLts7CX9/UuIkPFQE+l//o46lB1p:vtXv/lhPp/fMR/aHkPFQE+tVKp
MD5:	D3697815EAA30DD421EA0F13D3342F44
SHA1:	4BCB2485D16732AE7F174617FD44F256FEFCF85C
SHA-256:	82A53CEE6E2275A3E32ADF92A9FE00C9E2D16F948E5536EE00372A8A19D31D06
SHA-512:	F87E0A816E00E3871014ECB1FB4A0752F7AE16854B4A3FE313F44F2EAA83E366A8553633CAC3B98AF556E2A56F862EE4865D5A66BBCF9E146357ED251F104DAF
Malicious:	false
Reputation:	low
Preview:	............4............PNG........IHDR.......4.....9A.d....sRGB.........gAMA......a....<IDATx^..1......Om.. ......................................5............IEND.B`.

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\EngineConfigId.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	88
Entropy (8bit):	2.9160161239667026
Encrypted:	false
SSDEEP:	3:vlllhelqbSiFqhzIGCSOdTh6:vtIlViFXG/OdTh6
MD5:	2CB0D4339341E6189CD737B364CDCD82
SHA1:	52CB91F3D2F92C50D60630507182BB442F4AD6BD
SHA-256:	54332C4C577158182D35F4C8DCF1ACA73FF880B053F03B8E6E85E2BAB8C40938
SHA-512:	282D0047DB4C0B8A4BFF0935F8308CBDBC83DBE4AAF5CF77D193A697D77E4AD8EBE7D157FF89CFA65F6BCF445CE421E29D245082B2783E5DF8CA9000C2E97002
Malicious:	false
Reputation:	low
Preview:	........&...{.A.9.2.A.5.9.C.6.-.7.2.7.8.-.4.6.D.D.-.9.9.F.2.-.1.C.7.B.F.7.1.E.1.1.5.B.}.

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\SceneData.bin

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	data
Category:	dropped
Size (bytes):	22
Entropy (8bit):	1.7295290545023008
Encrypted:	false
SSDEEP:	3:vlll8/BG:vtmQ
MD5:	BF81BF0E729C39E718AC306CF07DD8C4
SHA1:	95348A05A5F0812D1FAD98C83500353FE63811C0
SHA-256:	50CFF32314082BF07E6652571B6F5B41ADD3A2EA70B665A15E63C606171C83D5
SHA-512:	5D02FE143020E0D8FDA6BEE43895AE83300D9609C05ED090D4BBE25F9CCF740C8B17E2DE9ACF837C9347C1BBB8C642E2A287CA49102E59E6D4B931827CB81DE4
Malicious:	false
Reputation:	low
Preview:	..............4.......

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\cloudCommunitySettings.json (copy)

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2559
Entropy (8bit):	5.440474440107185
Encrypted:	false
SSDEEP:	48:Y2O2M1MKtr7vQD1sN+J2sG91OMJMRUgFgQkXMJMK2+R/9VUXc4m6YAZnL:H27vQ266OGooGt9M
MD5:	F4E4A03EBD0AB3A953C56A300D61D223
SHA1:	97A9ACF22C3BDD6989D7C120C21077C4D5A9A80E
SHA-256:	52BFB22AA2D7B0CE083D312FB8FA8DCDA3063207186F99FC259AEBD9064CBEDC
SHA-512:	12AA71EEA45720A4D7D057DA0B662635671E4CD165AD2E0D30A3D2A43950B47DD60C26C1BBBE049418F815850E571B8D93E4C8B8CBBD686ABC3CF7926BA719C2
Malicious:	false
Reputation:	low
Preview:	{"APP.COMMUNITY.CLIENTTYPE":"Microsoft.Paint3D","APP.COMMUNITY.GLTF.EXPORT.ENABLED":"True","APP.COMMUNITY.GLTF.IMPORT.ENABLED":"True","APP.FILEOPERATIONS.FORMAT.FBX.EXPORT.ENABLED":"True","APP.FILEOPERATIONS.FORMAT.FBX.IMPORT.ENABLED":"True","TOOLS.EDITINFREEVIEW.ENABLED":"True","APP.COMMUNITY.HUBBLE.ENVIRONMENT":"PROD","APP.COMMUNITY.HUBBLE.REQUEST1PHOST":"True","APP.COMMUNITY.HUBBLE.USEWEBVIEW":"False","APP.COMMUNITY.ENABLEDFORLOCALE":"True","APP.FILEOPERATIONS.IMPORT.SEPARATEOBJECTS.ENABLED":"True","APP.TEXTURES.CANVAS3D.DUALLAYER.ENABLED":"True","APP.CMS.CONFIGENDPOINT":"http://go.microsoft.com/fwlink/?LinkId=828137","APP.CMS.KILLSWITCHTURNEDON":"False","APP.CMS.MINIMUMAPPVERSION":"3.1710.30028.0","APP.COMMUNITY.ANONYMOUSBROWSE.ENABLED":"True","APP.COMMUNITY.ENABLEDFORLANGUAGE":"True","APP.COMMUNITY.ENDPOINTCONFIGJSON":"{\"EnvironmentOverrides\": { \"PREVIEW\": { \"TokenScope\": \"service::remix3d.com::MBI_SSL\", \"BrowseUri\": \"https://www.preview.remix3d.com/\", \"ProfileUri\":

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\cloudCommunitySettings.json.~tmp

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2559
Entropy (8bit):	5.440474440107185
Encrypted:	false
SSDEEP:	48:Y2O2M1MKtr7vQD1sN+J2sG91OMJMRUgFgQkXMJMK2+R/9VUXc4m6YAZnL:H27vQ266OGooGt9M
MD5:	F4E4A03EBD0AB3A953C56A300D61D223
SHA1:	97A9ACF22C3BDD6989D7C120C21077C4D5A9A80E
SHA-256:	52BFB22AA2D7B0CE083D312FB8FA8DCDA3063207186F99FC259AEBD9064CBEDC
SHA-512:	12AA71EEA45720A4D7D057DA0B662635671E4CD165AD2E0D30A3D2A43950B47DD60C26C1BBBE049418F815850E571B8D93E4C8B8CBBD686ABC3CF7926BA719C2
Malicious:	false
Reputation:	low
Preview:	{"APP.COMMUNITY.CLIENTTYPE":"Microsoft.Paint3D","APP.COMMUNITY.GLTF.EXPORT.ENABLED":"True","APP.COMMUNITY.GLTF.IMPORT.ENABLED":"True","APP.FILEOPERATIONS.FORMAT.FBX.EXPORT.ENABLED":"True","APP.FILEOPERATIONS.FORMAT.FBX.IMPORT.ENABLED":"True","TOOLS.EDITINFREEVIEW.ENABLED":"True","APP.COMMUNITY.HUBBLE.ENVIRONMENT":"PROD","APP.COMMUNITY.HUBBLE.REQUEST1PHOST":"True","APP.COMMUNITY.HUBBLE.USEWEBVIEW":"False","APP.COMMUNITY.ENABLEDFORLOCALE":"True","APP.FILEOPERATIONS.IMPORT.SEPARATEOBJECTS.ENABLED":"True","APP.TEXTURES.CANVAS3D.DUALLAYER.ENABLED":"True","APP.CMS.CONFIGENDPOINT":"http://go.microsoft.com/fwlink/?LinkId=828137","APP.CMS.KILLSWITCHTURNEDON":"False","APP.CMS.MINIMUMAPPVERSION":"3.1710.30028.0","APP.COMMUNITY.ANONYMOUSBROWSE.ENABLED":"True","APP.COMMUNITY.ENABLEDFORLANGUAGE":"True","APP.COMMUNITY.ENDPOINTCONFIGJSON":"{\"EnvironmentOverrides\": { \"PREVIEW\": { \"TokenScope\": \"service::remix3d.com::MBI_SSL\", \"BrowseUri\": \"https://www.preview.remix3d.com/\", \"ProfileUri\":

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\cloudCommunitySettings.json~RF3ee4e4.TMP (copy)

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	2559
Entropy (8bit):	5.440474440107185
Encrypted:	false
SSDEEP:	48:Y2O2M1MKtr7vQD1sN+J2sG91OMJMRUgFgQkXMJMK2+R/9VUXc4m6YAZnL:H27vQ266OGooGt9M
MD5:	F4E4A03EBD0AB3A953C56A300D61D223
SHA1:	97A9ACF22C3BDD6989D7C120C21077C4D5A9A80E
SHA-256:	52BFB22AA2D7B0CE083D312FB8FA8DCDA3063207186F99FC259AEBD9064CBEDC
SHA-512:	12AA71EEA45720A4D7D057DA0B662635671E4CD165AD2E0D30A3D2A43950B47DD60C26C1BBBE049418F815850E571B8D93E4C8B8CBBD686ABC3CF7926BA719C2
Malicious:	false
Reputation:	low
Preview:	{"APP.COMMUNITY.CLIENTTYPE":"Microsoft.Paint3D","APP.COMMUNITY.GLTF.EXPORT.ENABLED":"True","APP.COMMUNITY.GLTF.IMPORT.ENABLED":"True","APP.FILEOPERATIONS.FORMAT.FBX.EXPORT.ENABLED":"True","APP.FILEOPERATIONS.FORMAT.FBX.IMPORT.ENABLED":"True","TOOLS.EDITINFREEVIEW.ENABLED":"True","APP.COMMUNITY.HUBBLE.ENVIRONMENT":"PROD","APP.COMMUNITY.HUBBLE.REQUEST1PHOST":"True","APP.COMMUNITY.HUBBLE.USEWEBVIEW":"False","APP.COMMUNITY.ENABLEDFORLOCALE":"True","APP.FILEOPERATIONS.IMPORT.SEPARATEOBJECTS.ENABLED":"True","APP.TEXTURES.CANVAS3D.DUALLAYER.ENABLED":"True","APP.CMS.CONFIGENDPOINT":"http://go.microsoft.com/fwlink/?LinkId=828137","APP.CMS.KILLSWITCHTURNEDON":"False","APP.CMS.MINIMUMAPPVERSION":"3.1710.30028.0","APP.COMMUNITY.ANONYMOUSBROWSE.ENABLED":"True","APP.COMMUNITY.ENABLEDFORLANGUAGE":"True","APP.COMMUNITY.ENDPOINTCONFIGJSON":"{\"EnvironmentOverrides\": { \"PREVIEW\": { \"TokenScope\": \"service::remix3d.com::MBI_SSL\", \"BrowseUri\": \"https://www.preview.remix3d.com/\", \"ProfileUri\":

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\Settings\settings.dat

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	3.6913843315895676
Encrypted:	false
SSDEEP:	192:uxNuScV6O6c2kW2qY4Oc5h1d/1T3jvP9iw/FBi8LuOalE:+NPROqg4Oc31d/1T3jvP9iwtlCO
MD5:	26FC292C81BCE64B108BA312D20F5779
SHA1:	413BAC66D0F49C3F0BC987E6CA871B52EBF43457
SHA-256:	50A16C5A0FB84551744A07E491757BA8740C59D9D9E62AC9BA08946D08540CBB
SHA-512:	403F4DEE7C595AB78B7FE39B54D7DAAF956E761483780EF624CCC37A24E87702533F471CB60BE072587AF6B7751B4232AAE9AF359DCC88FA567C7D97C8370971
Malicious:	false
Reputation:	low
Preview:	regf........b.Q.7.................. ....0......y.b.3.d.8.b.b.w.e.\.S.e.t.t.i.n.g.s.\.s.e.t.t.i.n.g.s...d.a.t...y..j.....J.....y..j.....J.........z..j.....J.....rmtm..................................................................................................................................................................................................................................................................................................................................................P'........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\Settings\settings.dat.LOG1

Download File

Process:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
File Type:	MS Windows registry file, NT/2000 or above
Category:	dropped
Size (bytes):	16384
Entropy (8bit):	3.7066754584015187
Encrypted:	false
SSDEEP:	192:cGNuScV6O6c2kW2qY4Oc5h1d/1T3jvP9iw/FBi8LuOalE:fNPROqg4Oc31d/1T3jvP9iwtlCO
MD5:	15B1EF215B81854E85B82E06596AE608
SHA1:	169C5FE3FC36E705A18C4F5BE457C61FFF519705
SHA-256:	318B193BD063192EC97E099DEB1E6A99EE929D7EF340C4392493D46E2EB8718B
SHA-512:	9C17F0C739A2DECD63962C4618B41F44D97615A99990C889ACD685D8345DEFD4754E4100CC7666424F89D02DAE3415B54615368E63017CCA121C787AB84DBAAF
Malicious:	false
Reputation:	low
Preview:	regf........b.Q.7.................. ....0......y.b.3.d.8.b.b.w.e.\.S.e.t.t.i.n.g.s.\.s.e.t.t.i.n.g.s...d.a.t...y..j.....J.....y..j.....J.........z..j.....J.....rmtm..................................................................................................................................................................................................................................................................................................................................................P'HvLE.>...........0.......5z.}.F..Q.;;@}.....0..hbin................b.Q.7..........nk,.T...7..................................x...............................Test....p...sk..h...h.......t.......H...X.............4.........?.......................?....................... ... ...............YQ..fr]%dc;.............nk ..<.....................................h...............d...d...........CloudConfig.....p...sk..x...x.......t.......H...X.............4.........?.......................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 06:29:01 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2673
Entropy (8bit):	3.9921528142740974
Encrypted:	false
SSDEEP:	48:8B/da/QT6/0nbIcHMidAKZdA1FehwiZUklqehVy+3:8B4Q2ybIH2y
MD5:	A11BF71C537423902589831E9C8523D8
SHA1:	5932949D4AAEE6DB814572B0E8EFAE50355A150E
SHA-256:	4A0F983BD0A5166B86D052BB82F65A66912906F0014947C85C8FB213DEA4BA66
SHA-512:	FE4694A9968CE6F0991B7A6878B678AB7245D2217817A81B7D4E3BCED110A2A14C26BA2937DA16E293B95762DE6F61A7C9BCC138C8E7EB0C6F82B61EFC533EF2
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....t.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|X.;....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|X.;....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|X.;....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|X.;..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|X.;...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Q........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 06:29:01 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2675
Entropy (8bit):	4.009067553970408
Encrypted:	false
SSDEEP:	48:8rda/QT6/0nbIcHMidAKZdA1seh/iZUkAQkqehmy+2:8MQ2ybIx9Qry
MD5:	995C9C882E42294D3F83939975CEA457
SHA1:	A92C88C6D58F62F9B2FE3B80A242923F35036532
SHA-256:	FB17BA9B93749E58C69F343A3BDC352D1DA79F88A7D9D37474E6DCA3D71D4FAA
SHA-512:	454BEE3D11FBD23C5B272577762F33D89331F30FA8A803BCC6F13EB866810681AF336317F151CAD28EC402B2BCA9FE2B4C8622D5101A6A5B186772DE177AAEC9
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....M.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|X.;....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|X.;....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|X.;....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|X.;..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|X.;...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Q........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2689
Entropy (8bit):	4.016789907657291
Encrypted:	false
SSDEEP:	48:8zda/QT6/0nbAHMidAKZdA14meh7sFiZUkmgqeh7sMy+BX:8UQ2ybxnyy
MD5:	2458B7373A290344FD79D5B21D8AAE18
SHA1:	9D69C594D40D7221689026B024FA21BC4FC43D9C
SHA-256:	8E8B81D7920AC4DBF90A7A41D4AF09C6004962937890CDFB9F7E7919B516C10C
SHA-512:	6D06B1CD7B9A7262E5BC8047E0F7A529BCC07FAA4EB7DE554468E596AFD215D86E161E00150F9D46D6258CACC81B1846E874C17C009CD8ED358FC49847DAF726
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|X.;....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|X.;....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|X.;....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|X.;..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Q........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 06:29:01 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	4.008864446487798
Encrypted:	false
SSDEEP:	48:8Oda/QT6/0nbIcHMidAKZdA1TehDiZUkwqeh6y+R:85Q2ybICUy
MD5:	973C32FB8C4C01FC7C51439D1AD7B12A
SHA1:	8C33948AB2A46219D8C98BCECE01FC4021B115BF
SHA-256:	36639CEF8B241E12BCC4BB6EAEBFE1D1E919F7167C2D35D310A96D38FC578283
SHA-512:	F7BB59C6DCDD1035A522BBDA10A7F8123854D78006EAE7A96EB1C6FFDFA80F5972666BA71E6B2BAD4EA9118F87C4EDC4E87785A5186663DE807E52D22B3AE665
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,.........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|X.;....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|X.;....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|X.;....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|X.;..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|X.;...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Q........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 06:29:01 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.998213700774342
Encrypted:	false
SSDEEP:	48:8mda/QT6/0nbIcHMidAKZdA1dehBiZUk1W1qeh4y+C:8xQ2ybIS9Yy
MD5:	ED7DC97A2427E8694F29A4F7600E6604
SHA1:	870F643B432B036140AE99ADBDB23E0850CE94EA
SHA-256:	11E6AD434EA37A3E45EA073A73632CC9AC8C99F2F37345D6B52C61BE01A5F88E
SHA-512:	E2F504A81F81B763782B37675BE7A912599ED6D84BE2D7A78783DE6B76DCF7928D56989115FD46F7D94F36510142B79B2FF1116CE19A1D6A18134C982803EA7E
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,..........N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|X.;....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|X.;....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|X.;....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|X.;..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|X.;...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Q........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Mar 28 06:29:01 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.007129794475841
Encrypted:	false
SSDEEP:	48:8HEda/QT6/0nbIcHMidAKZdA1duTeehOuTbbiZUk5OjqehOuTbyy+yT+:8TQ2ybIITfTbxWOvTbyy7T
MD5:	D7985A812B7037D718225FF2A57344A6
SHA1:	974997DB6E762862B2574373E43EFDC1725CDE96
SHA-256:	88F63F521868BB21D5C119D01F2B2A0D3E879ACCE1525716586E8756C0575B5B
SHA-512:	2CBA83590EF201A156A5F1A0ABBDDB035C2006D1AF17CAB4373284DA3AB893F5767B7A62B24585206FE19475D00C1140930BB790E51149A1334B7A003685712F
Malicious:	false
Reputation:	low
Preview:	L..................F.@.. ...$+.,....9.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I\|X.;....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V\|X.;....L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V\|X.;....M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V\|X.;..........................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V\|X.;...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........Q........C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\Downloads\575231e4-3589-4cf5-8fb0-76bc26471e60.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 7796 bytes, 1 file, at 0x2c +A "pinrules.stl", number 1, 1 datablock, 0x1 compression
Category:	dropped
Size (bytes):	7796
Entropy (8bit):	7.971943145771426
Encrypted:	false
SSDEEP:	192:CPTIWKvNnUBBBL05O/b0evl2G6AXK+KMlYX82:CbevNUBDLlz0eN2dAXlKH
MD5:	FB60E1AFE48764E6BF78719C07813D32
SHA1:	A1DC74EF8495C9A1489DD937659B5C2875027E16
SHA-256:	EBF3E7290B8FD1E5509CAA69335251F22B61BAF3F9FF87B4E8544F3C1FEA279D
SHA-512:	92BAA53445EC1A6EC049AF875783619D255AB4A46241B456BD87AE0043C117740BD117406E2CF5440840C68D0C573CBA7B40F58587CE7796D254D0B06E9B7973
Malicious:	false
Reputation:	low
Preview:	MSCF....t.......,...................I........E.........J.R .pinrules.stl..>N.#..ECK.[.T...O......l.$.)V.a...v.d.H...&.D.YA,(+Y...A.......c]."ka-.XW..I.....w..\|..9.........{...\|d..v.T..w.TMZ.\|...).F.rtAm.....f......T........n.z.:.t&.} EH.S.)2...SP.../~.Q..d..".@.5..r(..M.Zs..~{...>...p.p.^....[/p..~.....@......f..E0....9.i...Ds..^.d...N.R@..P%..9... .4Z)...z..h...@.......C<.]6....([.c=.9..l.....@..4......f.......z.!..0.`Jp.."$I..?`......H...].2...$....9v1./g.&.aIX.A..A.w..p.*.`r.........'!e.. ..d...H.d.hu`.\!w.Z..E.$....$..\|1..@.OC!c.......%.....p.uxC.~@....`...#.~ .P.!.Gb`)i...L..0.-.K.....xRx.e"..@.....5T..JP^.9.....#aH.E.@2..H..f.H..K...+x..$.WM..H}....=....`.PD:.qgn........I.....]uX..q...D...]n.4..0..b!.....m"a.Lz...d..S%P.I11,..^..".+At..To\@K.....c.h.C.....=...H.Xa...r.A.I..@!..0..eV...\|.h..$."r..hL9TR..}.v%...4).H..[.....r..\|]..+5..Y..I..hN...O=u..8.}U...#S...R..KQ..A..w....X\|.....8b...GC.4..h....6gG.>..}.8....!ql..A..1..X.C.q.j....

C:\Users\user\Downloads\pinrulesstl.cab (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 7796 bytes, 1 file, at 0x2c +A "pinrules.stl", number 1, 1 datablock, 0x1 compression
Category:	dropped
Size (bytes):	7796
Entropy (8bit):	7.971943145771426
Encrypted:	false
SSDEEP:	192:CPTIWKvNnUBBBL05O/b0evl2G6AXK+KMlYX82:CbevNUBDLlz0eN2dAXlKH
MD5:	FB60E1AFE48764E6BF78719C07813D32
SHA1:	A1DC74EF8495C9A1489DD937659B5C2875027E16
SHA-256:	EBF3E7290B8FD1E5509CAA69335251F22B61BAF3F9FF87B4E8544F3C1FEA279D
SHA-512:	92BAA53445EC1A6EC049AF875783619D255AB4A46241B456BD87AE0043C117740BD117406E2CF5440840C68D0C573CBA7B40F58587CE7796D254D0B06E9B7973
Malicious:	false
Reputation:	low
Preview:	MSCF....t.......,...................I........E.........J.R .pinrules.stl..>N.#..ECK.[.T...O......l.$.)V.a...v.d.H...&.D.YA,(+Y...A.......c]."ka-.XW..I.....w..\|..9.........{...\|d..v.T..w.TMZ.\|...).F.rtAm.....f......T........n.z.:.t&.} EH.S.)2...SP.../~.Q..d..".@.5..r(..M.Zs..~{...>...p.p.^....[/p..~.....@......f..E0....9.i...Ds..^.d...N.R@..P%..9... .4Z)...z..h...@.......C<.]6....([.c=.9..l.....@..4......f.......z.!..0.`Jp.."$I..?`......H...].2...$....9v1./g.&.aIX.A..A.w..p.*.`r.........'!e.. ..d...H.d.hu`.\!w.Z..E.$....$..\|1..@.OC!c.......%.....p.uxC.~@....`...#.~ .P.!.Gb`)i...L..0.-.K.....xRx.e"..@.....5T..JP^.9.....#aH.E.@2..H..f.H..K...+x..$.WM..H}....=....`.PD:.qgn........I.....]uX..q...D...]n.4..0..b!.....m"a.Lz...d..S%P.I11,..^..".+At..To\@K.....c.h.C.....=...H.Xa...r.A.I..@!..0..eV...\|.h..$."r..hL9TR..}.v%...4).H..[.....r..\|]..+5..Y..I..hN...O=u..8.}U...#S...R..KQ..A..w....X\|.....8b...GC.4..h....6gG.>..}.8....!ql..A..1..X.C.q.j....

C:\Users\user\Downloads\pinrulesstl.cab.crdownload (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 7796 bytes, 1 file, at 0x2c +A "pinrules.stl", number 1, 1 datablock, 0x1 compression
Category:	dropped
Size (bytes):	7796
Entropy (8bit):	7.971943145771426
Encrypted:	false
SSDEEP:	192:CPTIWKvNnUBBBL05O/b0evl2G6AXK+KMlYX82:CbevNUBDLlz0eN2dAXlKH
MD5:	FB60E1AFE48764E6BF78719C07813D32
SHA1:	A1DC74EF8495C9A1489DD937659B5C2875027E16
SHA-256:	EBF3E7290B8FD1E5509CAA69335251F22B61BAF3F9FF87B4E8544F3C1FEA279D
SHA-512:	92BAA53445EC1A6EC049AF875783619D255AB4A46241B456BD87AE0043C117740BD117406E2CF5440840C68D0C573CBA7B40F58587CE7796D254D0B06E9B7973
Malicious:	false
Reputation:	low
Preview:	MSCF....t.......,...................I........E.........J.R .pinrules.stl..>N.#..ECK.[.T...O......l.$.)V.a...v.d.H...&.D.YA,(+Y...A.......c]."ka-.XW..I.....w..\|..9.........{...\|d..v.T..w.TMZ.\|...).F.rtAm.....f......T........n.z.:.t&.} EH.S.)2...SP.../~.Q..d..".@.5..r(..M.Zs..~{...>...p.p.^....[/p..~.....@......f..E0....9.i...Ds..^.d...N.R@..P%..9... .4Z)...z..h...@.......C<.]6....([.c=.9..l.....@..4......f.......z.!..0.`Jp.."$I..?`......H...].2...$....9v1./g.&.aIX.A..A.w..p.*.`r.........'!e.. ..d...H.d.hu`.\!w.Z..E.$....$..\|1..@.OC!c.......%.....p.uxC.~@....`...#.~ .P.!.Gb`)i...L..0.-.K.....xRx.e"..@.....5T..JP^.9.....#aH.E.@2..H..f.H..K...+x..$.WM..H}....=....`.PD:.qgn........I.....]uX..q...D...]n.4..0..b!.....m"a.Lz...d..S%P.I11,..^..".+At..To\@K.....c.h.C.....=...H.Xa...r.A.I..@!..0..eV...\|.h..$."r..hL9TR..}.v%...4).H..[.....r..\|]..+5..Y..I..hN...O=u..8.}U...#S...R..KQ..A..w....X\|.....8b...GC.4..h....6gG.>..}.8....!ql..A..1..X.C.q.j....

Chrome Cache Entry: 130

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Unicode text, UTF-8 text, with very long lines (3513)
Category:	downloaded
Size (bytes):	3519
Entropy (8bit):	5.872850309721715
Encrypted:	false
SSDEEP:	96:jlgjlib6HADhH4dgJg58DzG0DMId3nPfffQfo:jlgZBHAd4dg+iDCnId3n
MD5:	E4E46D91F567B1DF42FB91E618AB8BC1
SHA1:	D7F1C1100380928EEFC2B01F9104173543A1FEED
SHA-256:	0BCB849722F70D32779099715315DA8E412EFB8E340CA8A2503A3E23239C986D
SHA-512:	ECD7917529EF45920041312D4679F834604905FF615B036408CFDEEEA6F235C06DD9FE9E1E6C042964B26593FD744DB526BBC5E08A121EA93D58908C159D6CEB
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["sh.gun episode 6","beasteater chemical burns","ps plus monthly games","lottery mega millions powerball jackpot","nba lakers","total solar eclipses","constellation season finale","mercari no selling fees"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CggvbS8wam1rNxImTG9zIEFuZ2VsZXMgTGFrZXJzIOKAlCBCYXNrZXRiYWxsIHRlYW0y9g5kYXRhOmltYWdlL3BuZztiYXNlNjQsaVZCT1J3MEtHZ29BQUFBTlNVaEVVZ0FBQUVBQUFBQW9DQU1BQUFCNUVBemJBQUFCTWxCTVZFWC8vLy85dVNmL3ZDai92aUwvd1NEL3Zpai92Q1FBQUhYL3d4MGpBSEg4L1Awd0FHL3Q3UEgvd1NuMXN5emIyZVBrNHVyTHh0Y1hBR1RZbkR6anBEY1pBSElBQUZ5S1pSV0VZUlM3aVIza3B5T3hnaHZEang2OGhrbkR2dEhWMGQ1SUltdXBkbEJSSzJtWWFGWjlVbDZrY2xLemZrekJpa2Vha2JMb3FEU0dXbHk2dE1xTVgxcVJZMWpjb0RtbG5iclVteUhhbVFDbHA2bVJoWEtUZGtObVNBQmlTaHVib0tleHQ3N0FoZ0NZYXdETmtBQ1BiQ1hLenRPQ1pURG5wQUIyVnhLaWR4bUhoSDk5VXdDRWIwc3dJd

Chrome Cache Entry: 131

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5266)
Category:	downloaded
Size (bytes):	5271
Entropy (8bit):	5.800428085070326
Encrypted:	false
SSDEEP:	96:R0Hlid4Svx+FO/6Dkx02U10k1jJ7LhlIN6666X/c2pcw7vf+p0jBdujB9cPHW96y:R0FA4a+E/v022l7wN6666X/xZapu0jBD
MD5:	D47F1F55DC742548C8F35BF09A4558BD
SHA1:	B82699C2F539AAD19CB75FEC1D0DD7BA3FE76717
SHA-256:	AA308AF256C98B7CE4D4BA9BF3D57F6042F4E5FD25F41E0A46C3736164251F5C
SHA-512:	54BA54223CE0FE4966CC7AEA1F74AA302BA9B193DA0700E65CE61A84D9FCD33267F448F6F21A1ED5D540A400608DC8B8C672A519E47F36767ACD7E8E079DE299
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["student protests vanderbilt","houston open golf","testament the story of moses netflix","quordle hints today","dairy queen free blizzards menu","h1b visa lottery results","venture overwatch hero","wwe wrestlemania"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"google:entityinfo":"CgkvbS8wZDg0enISDEhvdXN0b24gT3BlbjK6DmRhdGE6aW1hZ2UvcG5nO2Jhc2U2NCxpVkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBRUFBQUFCQUNBTUFBQUNkdDRIc0FBQUJXVkJNVkVYLy8vL2pKeWJyYmg3YzN1RTlSbHlOa3B4TlZtaXhzN3JrNXVnQUFBQUFBQ24velFBQUFDY0FBREhyY1I3cVpoOEFBQ0VBQUNRQUFCenU3L0gvMHdEcWFoL3RLQ1RxWXdBQUFBcTJ1Yi9wWGdENStmcjE4L0gvLy9zQUFCWEp5czRBR2o3U3hic0FFenVvcTdNZUswYi8yMmIvMUVIOHd3djNyQkxsUXlUblVDTDY0ZGJ5cFlMM3o3M3VqVnY4N2VmMnhyTG9WQUNCaHBMdGcwcjB0Wm56clkwdE1VZWZvS1lWS0Vnc09WTlRRVDQrTFRFMk8wOTNlNGR0Y0h4aGFucm4yOUNCZkgyam01Z2NJVGhsWUdXaWs0cTZxNkl4TER1WWo1SEZ1cmNtR3pKelNEaFdOelowWEZtdWcyMmhkVitLV2tQV3

Chrome Cache Entry: 132

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 7796 bytes, 1 file, at 0x2c +A "pinrules.stl", number 1, 1 datablock, 0x1 compression
Category:	downloaded
Size (bytes):	7796
Entropy (8bit):	7.971943145771426
Encrypted:	false
SSDEEP:	192:CPTIWKvNnUBBBL05O/b0evl2G6AXK+KMlYX82:CbevNUBDLlz0eN2dAXlKH
MD5:	FB60E1AFE48764E6BF78719C07813D32
SHA1:	A1DC74EF8495C9A1489DD937659B5C2875027E16
SHA-256:	EBF3E7290B8FD1E5509CAA69335251F22B61BAF3F9FF87B4E8544F3C1FEA279D
SHA-512:	92BAA53445EC1A6EC049AF875783619D255AB4A46241B456BD87AE0043C117740BD117406E2CF5440840C68D0C573CBA7B40F58587CE7796D254D0B06E9B7973
Malicious:	false
Reputation:	low
URL:	http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?17ef43f9ed42b031
Preview:	MSCF....t.......,...................I........E.........J.R .pinrules.stl..>N.#..ECK.[.T...O......l.$.)V.a...v.d.H...&.D.YA,(+Y...A.......c]."ka-.XW..I.....w..\|..9.........{...\|d..v.T..w.TMZ.\|...).F.rtAm.....f......T........n.z.:.t&.} EH.S.)2...SP.../~.Q..d..".@.5..r(..M.Zs..~{...>...p.p.^....[/p..~.....@......f..E0....9.i...Ds..^.d...N.R@..P%..9... .4Z)...z..h...@.......C<.]6....([.c=.9..l.....@..4......f.......z.!..0.`Jp.."$I..?`......H...].2...$....9v1./g.&.aIX.A..A.w..p.*.`r.........'!e.. ..d...H.d.hu`.\!w.Z..E.$....$..\|1..@.OC!c.......%.....p.uxC.~@....`...#.~ .P.!.Gb`)i...L..0.-.K.....xRx.e"..@.....5T..JP^.9.....#aH.E.@2..H..f.H..K...+x..$.WM..H}....=....`.PD:.qgn........I.....]uX..q...D...]n.4..0..b!.....m"a.Lz...d..S%P.I11,..^..".+At..To\@K.....c.h.C.....=...H.Xa...r.A.I..@!..0..eV...\|.h..$."r..hL9TR..}.v%...4).H..[.....r..\|]..+5..Y..I..hN...O=u..8.}U...#S...R..KQ..A..w....X\|.....8b...GC.4..h....6gG.>..}.8....!ql..A..1..X.C.q.j....

Chrome Cache Entry: 133

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (5266)
Category:	downloaded
Size (bytes):	5271
Entropy (8bit):	5.800428085070326
Encrypted:	false
SSDEEP:	96:R0Hlid4Svx+FO/6Dkx02U10k1jJ7LhlIN6666X/c2pcw7vf+p0jBdujB9cPHW96y:R0FA4a+E/v022l7wN6666X/xZapu0jBD
MD5:	D47F1F55DC742548C8F35BF09A4558BD
SHA1:	B82699C2F539AAD19CB75FEC1D0DD7BA3FE76717
SHA-256:	AA308AF256C98B7CE4D4BA9BF3D57F6042F4E5FD25F41E0A46C3736164251F5C
SHA-512:	54BA54223CE0FE4966CC7AEA1F74AA302BA9B193DA0700E65CE61A84D9FCD33267F448F6F21A1ED5D540A400608DC8B8C672A519E47F36767ACD7E8E079DE299
Malicious:	false
Reputation:	low
URL:	https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=7&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Preview:	)]}'.["",["student protests vanderbilt","houston open golf","testament the story of moses netflix","quordle hints today","dairy queen free blizzards menu","h1b visa lottery results","venture overwatch hero","wwe wrestlemania"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"google:entityinfo":"CgkvbS8wZDg0enISDEhvdXN0b24gT3BlbjK6DmRhdGE6aW1hZ2UvcG5nO2Jhc2U2NCxpVkJPUncwS0dnb0FBQUFOU1VoRVVnQUFBRUFBQUFCQUNBTUFBQUNkdDRIc0FBQUJXVkJNVkVYLy8vL2pKeWJyYmg3YzN1RTlSbHlOa3B4TlZtaXhzN3JrNXVnQUFBQUFBQ24velFBQUFDY0FBREhyY1I3cVpoOEFBQ0VBQUNRQUFCenU3L0gvMHdEcWFoL3RLQ1RxWXdBQUFBcTJ1Yi9wWGdENStmcjE4L0gvLy9zQUFCWEp5czRBR2o3U3hic0FFenVvcTdNZUswYi8yMmIvMUVIOHd3djNyQkxsUXlUblVDTDY0ZGJ5cFlMM3o3M3VqVnY4N2VmMnhyTG9WQUNCaHBMdGcwcjB0Wm56clkwdE1VZWZvS1lWS0Vnc09WTlRRVDQrTFRFMk8wOTNlNGR0Y0h4aGFucm4yOUNCZkgyam01Z2NJVGhsWUdXaWs0cTZxNkl4TER1WWo1SEZ1cmNtR3pKelNEaFdOelowWEZtdWcyMmhkVitLV2tQV3

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 28, 2024 08:29:06.210804939 CET	49673	443	192.168.2.16	204.79.197.203
Mar 28, 2024 08:29:06.386188984 CET	49706	443	192.168.2.16	172.253.62.103
Mar 28, 2024 08:29:06.386234999 CET	443	49706	172.253.62.103	192.168.2.16
Mar 28, 2024 08:29:06.386322975 CET	49706	443	192.168.2.16	172.253.62.103
Mar 28, 2024 08:29:06.386567116 CET	49706	443	192.168.2.16	172.253.62.103
Mar 28, 2024 08:29:06.386579990 CET	443	49706	172.253.62.103	192.168.2.16
Mar 28, 2024 08:29:06.512998104 CET	49673	443	192.168.2.16	204.79.197.203
Mar 28, 2024 08:29:06.608397007 CET	443	49706	172.253.62.103	192.168.2.16
Mar 28, 2024 08:29:06.608952045 CET	49706	443	192.168.2.16	172.253.62.103
Mar 28, 2024 08:29:06.608977079 CET	443	49706	172.253.62.103	192.168.2.16
Mar 28, 2024 08:29:06.610097885 CET	443	49706	172.253.62.103	192.168.2.16
Mar 28, 2024 08:29:06.610279083 CET	49706	443	192.168.2.16	172.253.62.103
Mar 28, 2024 08:29:06.611386061 CET	49706	443	192.168.2.16	172.253.62.103
Mar 28, 2024 08:29:06.611453056 CET	443	49706	172.253.62.103	192.168.2.16
Mar 28, 2024 08:29:06.656754971 CET	49706	443	192.168.2.16	172.253.62.103
Mar 28, 2024 08:29:06.656779051 CET	443	49706	172.253.62.103	192.168.2.16
Mar 28, 2024 08:29:06.703814983 CET	49706	443	192.168.2.16	172.253.62.103
Mar 28, 2024 08:29:07.118709087 CET	49673	443	192.168.2.16	204.79.197.203
Mar 28, 2024 08:29:08.062778950 CET	49688	443	192.168.2.16	204.79.197.200
Mar 28, 2024 08:29:08.323712111 CET	49673	443	192.168.2.16	204.79.197.203
Mar 28, 2024 08:29:10.737871885 CET	49673	443	192.168.2.16	204.79.197.203
Mar 28, 2024 08:29:11.961601019 CET	49710	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:11.961642027 CET	443	49710	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:11.961745024 CET	49710	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:11.964688063 CET	49710	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:11.964698076 CET	443	49710	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:12.478662014 CET	443	49710	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:12.478754997 CET	49710	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:12.481605053 CET	49710	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:12.481615067 CET	443	49710	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:12.481911898 CET	443	49710	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:12.536798954 CET	49710	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:12.548753977 CET	49710	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:12.552745104 CET	49711	443	192.168.2.16	23.210.240.112
Mar 28, 2024 08:29:12.552767992 CET	443	49711	23.210.240.112	192.168.2.16
Mar 28, 2024 08:29:12.552850008 CET	49711	443	192.168.2.16	23.210.240.112
Mar 28, 2024 08:29:12.555342913 CET	49711	443	192.168.2.16	23.210.240.112
Mar 28, 2024 08:29:12.555351019 CET	443	49711	23.210.240.112	192.168.2.16
Mar 28, 2024 08:29:12.596231937 CET	443	49710	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:12.885377884 CET	443	49711	23.210.240.112	192.168.2.16
Mar 28, 2024 08:29:12.885508060 CET	49711	443	192.168.2.16	23.210.240.112
Mar 28, 2024 08:29:12.889543056 CET	49711	443	192.168.2.16	23.210.240.112
Mar 28, 2024 08:29:12.889549017 CET	443	49711	23.210.240.112	192.168.2.16
Mar 28, 2024 08:29:12.889792919 CET	443	49711	23.210.240.112	192.168.2.16
Mar 28, 2024 08:29:12.933676958 CET	49711	443	192.168.2.16	23.210.240.112
Mar 28, 2024 08:29:12.972791910 CET	443	49710	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:12.972817898 CET	443	49710	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:12.972824097 CET	443	49710	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:12.972837925 CET	443	49710	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:12.972845078 CET	443	49710	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:12.972847939 CET	443	49710	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:12.972934008 CET	49710	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:12.972960949 CET	443	49710	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:12.972975016 CET	443	49710	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:12.972992897 CET	49710	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:12.973015070 CET	443	49710	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:12.973041058 CET	49710	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:12.973041058 CET	49710	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:12.973066092 CET	49710	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:12.980223894 CET	443	49711	23.210.240.112	192.168.2.16
Mar 28, 2024 08:29:12.984937906 CET	49710	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:12.984966993 CET	443	49710	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:12.984992981 CET	49710	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:12.984999895 CET	443	49710	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:13.271363020 CET	443	49711	23.210.240.112	192.168.2.16
Mar 28, 2024 08:29:13.271605015 CET	49711	443	192.168.2.16	23.210.240.112
Mar 28, 2024 08:29:13.271625042 CET	443	49711	23.210.240.112	192.168.2.16
Mar 28, 2024 08:29:13.271635056 CET	49711	443	192.168.2.16	23.210.240.112
Mar 28, 2024 08:29:13.271750927 CET	443	49711	23.210.240.112	192.168.2.16
Mar 28, 2024 08:29:13.271787882 CET	443	49711	23.210.240.112	192.168.2.16
Mar 28, 2024 08:29:13.271826982 CET	49711	443	192.168.2.16	23.210.240.112
Mar 28, 2024 08:29:13.401345968 CET	49712	443	192.168.2.16	23.221.242.90
Mar 28, 2024 08:29:13.401402950 CET	443	49712	23.221.242.90	192.168.2.16
Mar 28, 2024 08:29:13.401484966 CET	49712	443	192.168.2.16	23.221.242.90
Mar 28, 2024 08:29:13.401803970 CET	49712	443	192.168.2.16	23.221.242.90
Mar 28, 2024 08:29:13.401817083 CET	443	49712	23.221.242.90	192.168.2.16
Mar 28, 2024 08:29:13.755776882 CET	443	49712	23.221.242.90	192.168.2.16
Mar 28, 2024 08:29:13.755865097 CET	49712	443	192.168.2.16	23.221.242.90
Mar 28, 2024 08:29:13.757138014 CET	49712	443	192.168.2.16	23.221.242.90
Mar 28, 2024 08:29:13.757153034 CET	443	49712	23.221.242.90	192.168.2.16
Mar 28, 2024 08:29:13.757390022 CET	443	49712	23.221.242.90	192.168.2.16
Mar 28, 2024 08:29:13.758553028 CET	49712	443	192.168.2.16	23.221.242.90
Mar 28, 2024 08:29:13.800240993 CET	443	49712	23.221.242.90	192.168.2.16
Mar 28, 2024 08:29:14.108365059 CET	443	49712	23.221.242.90	192.168.2.16
Mar 28, 2024 08:29:14.108428001 CET	443	49712	23.221.242.90	192.168.2.16
Mar 28, 2024 08:29:14.108537912 CET	49712	443	192.168.2.16	23.221.242.90
Mar 28, 2024 08:29:14.109318018 CET	49712	443	192.168.2.16	23.221.242.90
Mar 28, 2024 08:29:14.109344006 CET	443	49712	23.221.242.90	192.168.2.16
Mar 28, 2024 08:29:14.109375954 CET	49712	443	192.168.2.16	23.221.242.90
Mar 28, 2024 08:29:14.109383106 CET	443	49712	23.221.242.90	192.168.2.16
Mar 28, 2024 08:29:14.384200096 CET	49678	443	192.168.2.16	20.189.173.10
Mar 28, 2024 08:29:14.687695026 CET	49678	443	192.168.2.16	20.189.173.10
Mar 28, 2024 08:29:15.293710947 CET	49678	443	192.168.2.16	20.189.173.10
Mar 28, 2024 08:29:15.548705101 CET	49673	443	192.168.2.16	204.79.197.203
Mar 28, 2024 08:29:16.505676985 CET	49678	443	192.168.2.16	20.189.173.10
Mar 28, 2024 08:29:16.605715990 CET	443	49706	172.253.62.103	192.168.2.16
Mar 28, 2024 08:29:16.605777025 CET	443	49706	172.253.62.103	192.168.2.16
Mar 28, 2024 08:29:16.605843067 CET	49706	443	192.168.2.16	172.253.62.103
Mar 28, 2024 08:29:17.751183987 CET	49706	443	192.168.2.16	172.253.62.103
Mar 28, 2024 08:29:17.751218081 CET	443	49706	172.253.62.103	192.168.2.16
Mar 28, 2024 08:29:18.847973108 CET	49680	80	192.168.2.16	192.229.211.108
Mar 28, 2024 08:29:18.911684036 CET	49678	443	192.168.2.16	20.189.173.10
Mar 28, 2024 08:29:19.150690079 CET	49680	80	192.168.2.16	192.229.211.108
Mar 28, 2024 08:29:19.755697966 CET	49680	80	192.168.2.16	192.229.211.108
Mar 28, 2024 08:29:20.967756987 CET	49680	80	192.168.2.16	192.229.211.108
Mar 28, 2024 08:29:23.380727053 CET	49680	80	192.168.2.16	192.229.211.108
Mar 28, 2024 08:29:23.716694117 CET	49678	443	192.168.2.16	20.189.173.10
Mar 28, 2024 08:29:25.153697014 CET	49673	443	192.168.2.16	204.79.197.203
Mar 28, 2024 08:29:28.188667059 CET	49680	80	192.168.2.16	192.229.211.108
Mar 28, 2024 08:29:33.331640959 CET	49678	443	192.168.2.16	20.189.173.10
Mar 28, 2024 08:29:37.794646025 CET	49680	80	192.168.2.16	192.229.211.108
Mar 28, 2024 08:29:49.386125088 CET	49715	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:49.386173010 CET	443	49715	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:49.386262894 CET	49715	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:49.386604071 CET	49715	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:49.386615992 CET	443	49715	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:49.897759914 CET	443	49715	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:49.897855997 CET	49715	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:49.899528980 CET	49715	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:49.899537086 CET	443	49715	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:49.899768114 CET	443	49715	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:49.901077986 CET	49715	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:49.944235086 CET	443	49715	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:50.398670912 CET	443	49715	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:50.398701906 CET	443	49715	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:50.398718119 CET	443	49715	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:50.398791075 CET	49715	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:50.398825884 CET	443	49715	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:50.398875952 CET	49715	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:50.399049997 CET	443	49715	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:50.399080038 CET	443	49715	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:50.399105072 CET	49715	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:50.399111986 CET	443	49715	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:50.399139881 CET	443	49715	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:50.399149895 CET	49715	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:50.399177074 CET	49715	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:50.402574062 CET	49715	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:50.402590990 CET	443	49715	20.114.59.183	192.168.2.16
Mar 28, 2024 08:29:50.402605057 CET	49715	443	192.168.2.16	20.114.59.183
Mar 28, 2024 08:29:50.402610064 CET	443	49715	20.114.59.183	192.168.2.16
Mar 28, 2024 08:30:28.974399090 CET	49718	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:28.974441051 CET	443	49718	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:28.974509954 CET	49718	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:28.974798918 CET	49718	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:28.974811077 CET	443	49718	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.189464092 CET	443	49718	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.189997911 CET	49718	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.190023899 CET	443	49718	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.190375090 CET	443	49718	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.190810919 CET	49718	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.190886974 CET	443	49718	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.191263914 CET	49719	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.191313028 CET	443	49719	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.191381931 CET	49719	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.191448927 CET	49720	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.191483021 CET	443	49720	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.191540956 CET	49720	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.191622972 CET	49721	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.191651106 CET	443	49721	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.191704035 CET	49721	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.191735029 CET	49718	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.191930056 CET	49719	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.191946983 CET	443	49719	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.192064047 CET	49720	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.192078114 CET	443	49720	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.192193985 CET	49721	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.192207098 CET	443	49721	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.232247114 CET	443	49718	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.409406900 CET	443	49720	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.409826994 CET	49720	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.409848928 CET	443	49720	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.410233974 CET	443	49720	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.410684109 CET	49720	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.410741091 CET	443	49720	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.410933971 CET	49720	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.416059971 CET	443	49719	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.416348934 CET	49719	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.416372061 CET	443	49719	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.416708946 CET	443	49719	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.417092085 CET	49719	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.417186975 CET	443	49719	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.417290926 CET	49719	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.418519020 CET	443	49721	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.418746948 CET	49721	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.418767929 CET	443	49721	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.419442892 CET	443	49718	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.419485092 CET	443	49718	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.419523001 CET	443	49718	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.419544935 CET	49718	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.419550896 CET	443	49718	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.419574976 CET	443	49718	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.419595003 CET	49718	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.420075893 CET	443	49721	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.420149088 CET	49721	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.420980930 CET	49721	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.421049118 CET	443	49721	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.421720028 CET	49721	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.421731949 CET	443	49721	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.424758911 CET	443	49718	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.424818039 CET	49718	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.424918890 CET	49718	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.424933910 CET	443	49718	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.452236891 CET	443	49720	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.460233927 CET	443	49719	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.475466967 CET	49721	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.874185085 CET	443	49721	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.874296904 CET	443	49721	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.874346972 CET	49721	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.875129938 CET	49721	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.875150919 CET	443	49721	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.876746893 CET	49722	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.876782894 CET	443	49722	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.876849890 CET	49722	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.877120972 CET	49722	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.877136946 CET	443	49722	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.938679934 CET	443	49719	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.938786983 CET	443	49719	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:29.938841105 CET	49719	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.939471960 CET	49719	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:29.939491034 CET	443	49719	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.085530996 CET	443	49722	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.085889101 CET	49722	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.085913897 CET	443	49722	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.086322069 CET	443	49722	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.086646080 CET	49722	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.086782932 CET	443	49722	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.087091923 CET	49723	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.087116957 CET	443	49723	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.087166071 CET	49722	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.087183952 CET	49723	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.087373972 CET	49723	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.087383032 CET	443	49723	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.120225906 CET	443	49720	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.120348930 CET	443	49720	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.120412111 CET	49720	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.121052027 CET	49720	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.121067047 CET	443	49720	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.122139931 CET	49724	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.122241974 CET	443	49724	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.122349977 CET	49724	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.122682095 CET	49724	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.122714043 CET	443	49724	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.128237009 CET	443	49722	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.293226957 CET	443	49722	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.293277025 CET	443	49722	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.293314934 CET	443	49722	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.293329000 CET	49722	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.293360949 CET	443	49722	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.293379068 CET	443	49722	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.293401003 CET	49722	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.293442011 CET	49722	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.293489933 CET	443	49723	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.293961048 CET	49723	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.293968916 CET	443	49723	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.294054031 CET	49722	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.294075966 CET	443	49722	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.294322968 CET	443	49723	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.294660091 CET	49723	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.294720888 CET	443	49723	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.294882059 CET	49723	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.340019941 CET	443	49724	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.340236902 CET	443	49723	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.340344906 CET	49724	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.340372086 CET	443	49724	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.340724945 CET	443	49724	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.341026068 CET	49724	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.341082096 CET	443	49724	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.341160059 CET	49724	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.388231993 CET	443	49724	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.500782967 CET	443	49723	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.500838995 CET	443	49723	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.500879049 CET	443	49723	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.500883102 CET	49723	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.500894070 CET	443	49723	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.500947952 CET	443	49723	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.500960112 CET	49723	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.500987053 CET	49723	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.501451015 CET	49723	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.501460075 CET	443	49723	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.501472950 CET	49723	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.501506090 CET	49723	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.552877903 CET	443	49724	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.552921057 CET	443	49724	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.552963972 CET	49724	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.552967072 CET	443	49724	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.552978992 CET	443	49724	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.553020954 CET	49724	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.553031921 CET	443	49724	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.553044081 CET	443	49724	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.553078890 CET	49724	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.553466082 CET	49724	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.553479910 CET	443	49724	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:30.553489923 CET	49724	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:30.553520918 CET	49724	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:32.862963915 CET	49726	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:32.863010883 CET	443	49726	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:32.863080978 CET	49726	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:32.863286972 CET	49726	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:32.863307953 CET	443	49726	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.082274914 CET	443	49726	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.082593918 CET	49726	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:33.082621098 CET	443	49726	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.082954884 CET	443	49726	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.083246946 CET	49726	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:33.083309889 CET	443	49726	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.083694935 CET	49727	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:33.083724976 CET	443	49727	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.083785057 CET	49727	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:33.083817005 CET	49726	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:33.084023952 CET	49727	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:33.084036112 CET	443	49727	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.124236107 CET	443	49726	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.291271925 CET	443	49727	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.291678905 CET	49727	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:33.291699886 CET	443	49727	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.292041063 CET	443	49727	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.292443037 CET	49727	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:33.292507887 CET	443	49727	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.292581081 CET	49727	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:33.313231945 CET	443	49726	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.313296080 CET	443	49726	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.313355923 CET	49726	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:33.313385963 CET	443	49726	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.320477962 CET	443	49726	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.320508957 CET	443	49726	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.320538044 CET	49726	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:33.320549965 CET	443	49726	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.320585012 CET	49726	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:33.323584080 CET	443	49726	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.323666096 CET	443	49726	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.323712111 CET	49726	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:33.323723078 CET	443	49726	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.323734999 CET	49726	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:33.323734999 CET	49726	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:33.323760986 CET	49726	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:33.336232901 CET	443	49727	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.519021988 CET	443	49727	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.519074917 CET	443	49727	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.519109964 CET	443	49727	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.519128084 CET	49727	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:33.519134045 CET	443	49727	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.519145966 CET	443	49727	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.519187927 CET	49727	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:33.528630972 CET	443	49727	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.528701067 CET	49727	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:33.531361103 CET	443	49727	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.531434059 CET	443	49727	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.531482935 CET	49727	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:33.531506062 CET	443	49727	172.253.122.105	192.168.2.16
Mar 28, 2024 08:30:33.531536102 CET	49727	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:33.531550884 CET	49727	443	192.168.2.16	172.253.122.105
Mar 28, 2024 08:30:40.397646904 CET	49698	80	192.168.2.16	192.229.211.108
Mar 28, 2024 08:30:40.491903067 CET	80	49698	192.229.211.108	192.168.2.16
Mar 28, 2024 08:30:40.492033958 CET	49698	80	192.168.2.16	192.229.211.108

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 28, 2024 08:29:01.589370012 CET	53	65125	1.1.1.1	192.168.2.16
Mar 28, 2024 08:29:01.648951054 CET	53	62511	1.1.1.1	192.168.2.16
Mar 28, 2024 08:29:02.234226942 CET	53	62850	1.1.1.1	192.168.2.16
Mar 28, 2024 08:29:06.289827108 CET	59110	53	192.168.2.16	1.1.1.1
Mar 28, 2024 08:29:06.289969921 CET	53955	53	192.168.2.16	1.1.1.1
Mar 28, 2024 08:29:06.384839058 CET	53	53955	1.1.1.1	192.168.2.16
Mar 28, 2024 08:29:06.385162115 CET	53	59110	1.1.1.1	192.168.2.16
Mar 28, 2024 08:29:19.263832092 CET	53	56232	1.1.1.1	192.168.2.16
Mar 28, 2024 08:29:38.162444115 CET	53	62298	1.1.1.1	192.168.2.16
Mar 28, 2024 08:30:00.576416016 CET	53	59941	1.1.1.1	192.168.2.16
Mar 28, 2024 08:30:01.533727884 CET	53	59451	1.1.1.1	192.168.2.16
Mar 28, 2024 08:30:10.547347069 CET	138	138	192.168.2.16	192.168.2.255
Mar 28, 2024 08:30:28.877242088 CET	53341	53	192.168.2.16	1.1.1.1
Mar 28, 2024 08:30:28.877468109 CET	64792	53	192.168.2.16	1.1.1.1
Mar 28, 2024 08:30:28.931724072 CET	53	59695	1.1.1.1	192.168.2.16
Mar 28, 2024 08:30:28.972156048 CET	53	53341	1.1.1.1	192.168.2.16
Mar 28, 2024 08:30:28.972404003 CET	53	64792	1.1.1.1	192.168.2.16

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 28, 2024 08:29:01.668801069 CET	192.168.2.16	1.1.1.1	c2b7	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 28, 2024 08:29:06.289827108 CET	192.168.2.16	1.1.1.1	0xfc91	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 08:29:06.289969921 CET	192.168.2.16	1.1.1.1	0xb090	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 28, 2024 08:30:28.877242088 CET	192.168.2.16	1.1.1.1	0x65ec	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 28, 2024 08:30:28.877468109 CET	192.168.2.16	1.1.1.1	0x2353	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Mar 28, 2024 08:29:06.384839058 CET	1.1.1.1	192.168.2.16	0xb090	No error (0)	www.google.com		65	IN (0x0001)	false
Mar 28, 2024 08:29:06.385162115 CET	1.1.1.1	192.168.2.16	0xfc91	No error (0)	www.google.com	172.253.62.103	A (IP address)	IN (0x0001)	false
Mar 28, 2024 08:29:06.385162115 CET	1.1.1.1	192.168.2.16	0xfc91	No error (0)	www.google.com	172.253.62.106	A (IP address)	IN (0x0001)	false
Mar 28, 2024 08:29:06.385162115 CET	1.1.1.1	192.168.2.16	0xfc91	No error (0)	www.google.com	172.253.62.105	A (IP address)	IN (0x0001)	false
Mar 28, 2024 08:29:06.385162115 CET	1.1.1.1	192.168.2.16	0xfc91	No error (0)	www.google.com	172.253.62.147	A (IP address)	IN (0x0001)	false
Mar 28, 2024 08:29:06.385162115 CET	1.1.1.1	192.168.2.16	0xfc91	No error (0)	www.google.com	172.253.62.99	A (IP address)	IN (0x0001)	false
Mar 28, 2024 08:29:06.385162115 CET	1.1.1.1	192.168.2.16	0xfc91	No error (0)	www.google.com	172.253.62.104	A (IP address)	IN (0x0001)	false
Mar 28, 2024 08:30:28.972156048 CET	1.1.1.1	192.168.2.16	0x65ec	No error (0)	www.google.com	172.253.122.105	A (IP address)	IN (0x0001)	false
Mar 28, 2024 08:30:28.972156048 CET	1.1.1.1	192.168.2.16	0x65ec	No error (0)	www.google.com	172.253.122.103	A (IP address)	IN (0x0001)	false
Mar 28, 2024 08:30:28.972156048 CET	1.1.1.1	192.168.2.16	0x65ec	No error (0)	www.google.com	172.253.122.106	A (IP address)	IN (0x0001)	false
Mar 28, 2024 08:30:28.972156048 CET	1.1.1.1	192.168.2.16	0x65ec	No error (0)	www.google.com	172.253.122.147	A (IP address)	IN (0x0001)	false
Mar 28, 2024 08:30:28.972156048 CET	1.1.1.1	192.168.2.16	0x65ec	No error (0)	www.google.com	172.253.122.99	A (IP address)	IN (0x0001)	false
Mar 28, 2024 08:30:28.972156048 CET	1.1.1.1	192.168.2.16	0x65ec	No error (0)	www.google.com	172.253.122.104	A (IP address)	IN (0x0001)	false
Mar 28, 2024 08:30:28.972404003 CET	1.1.1.1	192.168.2.16	0x2353	No error (0)	www.google.com		65	IN (0x0001)	false

HTTP Request Dependency Graph

slscr.update.microsoft.com

fs.microsoft.com

www.google.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.16	49710	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-03-28 07:29:12 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3b3Yn9LcYKYOhOn&MD=wvAgFWda HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-03-28 07:29:12 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: fe22e368-a80a-4585-b43e-22c0d7b0edb4 MS-RequestId: 3143ea1e-58d4-4e4a-9c50-a12b941088ff MS-CV: 6f2+bFWieE2PWV7Q.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 28 Mar 2024 07:29:12 GMT Connection: close Content-Length: 24490
2024-03-28 07:29:12 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-03-28 07:29:12 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.16	49711	23.210.240.112	443

Timestamp	Bytes transferred	Direction	Data
2024-03-28 07:29:12 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-03-28 07:29:13 UTC	468	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/0758) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=257650 Date: Thu, 28 Mar 2024 07:29:13 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.16	49712	23.221.242.90	443

Timestamp	Bytes transferred	Direction	Data
2024-03-28 07:29:13 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-03-28 07:29:14 UTC	774	IN	HTTP/1.1 200 OK Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-CID: 7 X-CCC: US X-Azure-Ref-OriginShield: Ref A: 8BFC17DD061B46CAAD2B2AEB7B19C3D8 Ref B: CH1AA2040901011 Ref C: 2023-07-21T06:04:00Z X-MSEdge-Ref: Ref A: 1421F39FA7224BE199CC2F2C3DD24574 Ref B: CHI30EDGE0415 Ref C: 2023-07-21T06:04:00Z Content-Type: application/octet-stream X-Azure-Ref: 0DMGnYgAAAACXaXykPZuVRq4aV6pCkeO8U0pDRURHRTAzMTgAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=257635 Date: Thu, 28 Mar 2024 07:29:14 GMT Content-Length: 55 Connection: close X-CID: 2
2024-03-28 07:29:14 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.16	49715	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-03-28 07:29:49 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=3b3Yn9LcYKYOhOn&MD=wvAgFWda HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-03-28 07:29:50 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 458b8ff2-0440-44f6-9359-823286bfed84 MS-RequestId: 851c7edb-18f0-4119-bbce-3443264b94ad MS-CV: 34D+VonjPkCHN3iF.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Thu, 28 Mar 2024 07:29:50 GMT Connection: close Content-Length: 25457
2024-03-28 07:29:50 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-03-28 07:29:50 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.16	49718	172.253.122.105	443	6208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 07:30:29 UTC	816	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
2024-03-28 07:30:29 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 07:30:29 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-vfmoNqrU3SfXYTzQl4a8EQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-03-28 07:30:29 UTC	1703	IN	Data Raw: 36 61 36 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 73 68 c5 8d 67 75 6e 20 65 70 69 73 6f 64 65 20 36 22 2c 22 62 65 61 73 74 65 61 74 65 72 20 63 68 65 6d 69 63 61 6c 20 62 75 72 6e 73 22 2c 22 70 73 20 70 6c 75 73 20 6d 6f 6e 74 68 6c 79 20 67 61 6d 65 73 22 2c 22 6c 6f 74 74 65 72 79 20 6d 65 67 61 20 6d 69 6c 6c 69 6f 6e 73 20 70 6f 77 65 72 62 61 6c 6c 20 6a 61 63 6b 70 6f 74 22 2c 22 6e 62 61 20 6c 61 6b 65 72 73 22 2c 22 74 6f 74 61 6c 20 73 6f 6c 61 72 20 65 63 6c 69 70 73 65 73 22 2c 22 63 6f 6e 73 74 65 6c 6c 61 74 69 6f 6e 20 73 65 61 73 6f 6e 20 66 69 6e 61 6c 65 22 2c 22 6d 65 72 63 61 72 69 20 6e 6f 20 73 65 6c 6c 69 6e 67 20 66 65 65 73 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 5d 2c 5b 5d 2c 7b 22 67 6f Data Ascii: 6a6)]}'["",["shgun episode 6","beasteater chemical burns","ps plus monthly games","lottery mega millions powerball jackpot","nba lakers","total solar eclipses","constellation season finale","mercari no selling fees"],["","","","","","","",""],[],{"go
2024-03-28 07:30:29 UTC	6	IN	Data Raw: 30 4d 58 49 0d 0a Data Ascii: 0MXI
2024-03-28 07:30:29 UTC	1252	IN	Data Raw: 37 31 39 0d 0a 33 52 6d 70 6c 53 7a 56 56 63 6b 5a 4c 55 32 31 36 55 56 70 50 63 44 64 6e 5a 58 64 4d 56 45 35 44 65 57 74 31 64 56 6c 47 53 57 4e 36 5a 57 39 30 61 48 4a 6b 64 55 68 59 52 6a 51 77 59 55 52 30 56 45 4e 4d 5a 48 46 50 63 69 74 44 63 58 42 68 59 6b 70 6e 61 47 30 33 54 6e 4a 44 56 56 68 49 65 57 6c 6f 4e 57 74 78 56 31 70 78 65 6b 68 6a 4e 44 67 77 53 58 42 4b 52 32 78 73 56 7a 45 76 52 47 64 74 53 48 4a 4c 61 57 5a 6f 63 69 39 5a 53 6e 55 78 62 57 78 72 53 56 45 35 55 48 42 6d 52 57 64 5a 4d 54 46 4c 4d 45 74 57 55 6b 35 44 54 45 46 49 53 57 6c 69 5a 33 64 61 5a 46 4e 6e 4f 54 56 6c 4b 32 4e 6b 53 6a 64 46 51 55 4e 47 63 30 6b 77 59 57 78 6a 54 6c 70 45 56 32 4a 32 55 33 42 78 5a 48 46 30 4b 33 45 35 5a 55 35 6c 63 6a 41 79 61 57 4a 78 4f Data Ascii: 7193RmplSzVVckZLU216UVpPcDdnZXdMVE5DeWt1dVlGSWN6ZW90aHJkdUhYRjQwYUR0VENMZHFPcitDcXBhYkpnaG03TnJDVVhIeWloNWtxV1pxekhjNDgwSXBKR2xsVzEvRGdtSHJLaWZoci9ZSnUxbWxrSVE5UHBmRWdZMTFLMEtWUk5DTEFISWliZ3daZFNnOTVlK2NkSjdFQUNGc0kwYWxjTlpEV2J2U3BxZHF0K3E5ZU5lcjAyaWJxO
2024-03-28 07:30:29 UTC	572	IN	Data Raw: 5a 43 4c 32 68 6b 52 46 68 53 4f 44 52 75 64 32 46 30 56 33 49 79 4e 6d 52 42 57 55 6c 77 65 56 70 55 63 32 70 33 65 46 6c 4f 5a 57 59 79 64 6d 30 30 5a 57 73 76 62 46 4e 50 64 7a 52 6a 62 6d 34 76 59 32 5a 4b 65 6b 4a 74 54 6c 4a 6e 4f 55 30 76 5a 55 67 79 54 43 74 56 5a 32 4a 79 57 6c 6f 79 59 58 70 79 51 55 46 42 51 55 46 46 62 45 5a 55 61 31 4e 31 55 57 31 44 51 7a 6f 4b 62 6d 4a 68 49 47 78 68 61 32 56 79 63 30 6f 48 49 7a 6b 35 4e 7a 41 78 4e 31 49 79 5a 33 4e 66 63 33 4e 77 50 57 56 4b 65 6d 6f 30 64 45 52 51 4d 56 52 6d 53 58 6c 7a 4d 44 4a 4f 4d 6b 51 77 4e 48 4e 77 54 46 4e 73 56 45 6c 54 59 33 68 50 54 46 4e 76 52 30 46 46 62 48 42 43 64 44 68 77 42 77 5c 75 30 30 33 64 5c 75 30 30 33 64 22 2c 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 Data Ascii: ZCL2hkRFhSODRud2F0V3IyNmRBWUlweVpUc2p3eFlOZWYydm00ZWsvbFNPdzRjbm4vY2ZKekJtTlJnOU0vZUgyTCtVZ2JyWloyYXpyQUFBQUFFbEZUa1N1UW1DQzoKbmJhIGxha2Vyc0oHIzk5NzAxN1IyZ3Nfc3NwPWVKemo0dERQMVRmSXlzMDJOMkQwNHNwTFNsVElTY3hPTFNvR0FFbHBCdDhwBw\u003d\u003d","zl":10002},{"zl"
2024-03-28 07:30:29 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.16	49720	172.253.122.105	443	6208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 07:30:29 UTC	542	OUT	GET /async/ddljson?async=ntp:2 HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
2024-03-28 07:30:30 UTC	1453	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmpTArGJW5lLAGIjBHd_AKJiXvmNxa7QOBoMc3TtwL5hSlYsTpvxIHp6hu5gHUnSeQnMynd2baB1bPi2UyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgsIlrmUsAYQls3SHhIEZqUwKw Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Date: Thu, 28 Mar 2024 07:30:30 GMT Server: gws Content-Length: 427 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-03-28-07; expires=Sat, 27-Apr-2024 07:30:30 GMT; path=/; domain=.google.com; Secure; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-28 07:30:30 UTC	427	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 64 64 6c 6a 73 6f 6e 25 33 46 61 73 79 6e Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasyn

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.16	49719	172.253.122.105	443	6208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 07:30:29 UTC	719	OUT	GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
2024-03-28 07:30:29 UTC	1481	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmpTArGJW5lLAGIjDEtMeSbdsKTFupmRE7XFYXeyEzxbWbjBGXBv4CRFSB_bWJLa0LrH3ZszpniEBwYgQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwIlbmUsAYQ-IqIpAMSBGalMCs Content-Type: text/html; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Date: Thu, 28 Mar 2024 07:30:29 GMT Server: gws Content-Length: 458 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-03-28-07; expires=Sat, 27-Apr-2024 07:30:29 GMT; path=/; domain=.google.com; Secure; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-28 07:30:29 UTC	458	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 25 33 46 68 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.16	49721	172.253.122.105	443	6208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 07:30:29 UTC	542	OUT	GET /async/newtab_promos HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
2024-03-28 07:30:29 UTC	1399	IN	HTTP/1.1 302 Found Location: https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmpTArGJW5lLAGIjBi9PQhwvCu8xsidkRQK4-Wu-ijFbl2Tn-IJ6uGgADoaLseDc5qoXZTbhrRHGWYJIQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM x-hallmonitor-challenge: CgwIlbmUsAYQqLv7hQMSBGalMCs Content-Type: text/html; charset=UTF-8 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]} Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Date: Thu, 28 Mar 2024 07:30:29 GMT Server: gws Content-Length: 417 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Set-Cookie: 1P_JAR=2024-03-28-07; expires=Sat, 27-Apr-2024 07:30:29 GMT; path=/; domain=.google.com; Secure; SameSite=none Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-28 07:30:29 UTC	417	IN	Data Raw: 3c 48 54 4d 4c 3e 3c 48 45 41 44 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 3c 54 49 54 4c 45 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 54 49 54 4c 45 3e 3c 2f 48 45 41 44 3e 3c 42 4f 44 59 3e 0a 3c 48 31 3e 33 30 32 20 4d 6f 76 65 64 3c 2f 48 31 3e 0a 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 0a 3c 41 20 48 52 45 46 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 73 6f 72 72 79 2f 69 6e 64 65 78 3f 63 6f 6e 74 69 6e 75 65 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 26 Data Ascii: <HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8"><TITLE>302 Moved</TITLE></HEAD><BODY><H1>302 Moved</H1>The document has moved<A HREF="https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.16	49722	172.253.122.105	443	6208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 07:30:30 UTC	738	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmpTArGJW5lLAGIjBi9PQhwvCu8xsidkRQK4-Wu-ijFbl2Tn-IJ6uGgADoaLseDc5qoXZTbhrRHGWYJIQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-28-07
2024-03-28 07:30:30 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 28 Mar 2024 07:30:30 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3112 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-28 07:30:30 UTC	896	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 70 72 6f 6d 6f 73 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_promos</title></head
2024-03-28 07:30:30 UTC	1252	IN	Data Raw: 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 50 67 57 51 54 34 61 69 38 39 78 63 48 59 52 69 5a 4d 41 66 7a 37 79 37 49 51 51 46 47 45 Data Ascii: llback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="PgWQT4ai89xcHYRiZMAfz7y7IQQFGE
2024-03-28 07:30:30 UTC	964	IN	Data Raw: 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 74 68 6f 73 65 20 72 65 71 75 65 73 74 73 20 73 74 6f 70 2e 20 20 49 6e 20 74 68 65 20 6d 65 61 6e 74 69 6d 65 2c 20 Data Ascii: hen Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In the meantime,

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.16	49723	172.253.122.105	443	6208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 07:30:30 UTC	932	OUT	GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmpTArGJW5lLAGIjDEtMeSbdsKTFupmRE7XFYXeyEzxbWbjBGXBv4CRFSB_bWJLa0LrH3ZszpniEBwYgQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-28-07
2024-03-28 07:30:30 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 28 Mar 2024 07:30:30 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3184 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-28 07:30:30 UTC	896	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 6e 65 77 74 61 62 5f 6f 67 62 3f 68 6c 3d 65 6e 2d 55 53 26 61 6d 70 3b 61 73 79 Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/newtab_ogb?hl=en-US&asy
2024-03-28 07:30:30 UTC	1252	IN	Data Raw: 70 74 3e 0a 3c 73 63 72 69 70 74 3e 76 61 72 20 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 42 42 5a 31 75 59 Data Ascii: pt><script>var submitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="BBZ1uY
2024-03-28 07:30:30 UTC	1036	IN	Data Raw: 31 35 70 78 20 30 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 65 6d 3b 22 3e 0a 54 68 69 73 20 70 61 67 65 20 61 70 70 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 Data Ascii: 15px 0; line-height:1.4em;">This page appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire short

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.16	49724	172.253.122.105	443	6208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 07:30:30 UTC	742	OUT	GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmpTArGJW5lLAGIjBHd_AKJiXvmNxa7QOBoMc3TtwL5hSlYsTpvxIHp6hu5gHUnSeQnMynd2baB1bPi2UyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1 Host: www.google.com Connection: keep-alive Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-28-07
2024-03-28 07:30:30 UTC	356	IN	HTTP/1.1 429 Too Many Requests Date: Thu, 28 Mar 2024 07:30:30 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-store, no-cache, must-revalidate Content-Type: text/html Server: HTTP server (unknown) Content-Length: 3130 X-XSS-Protection: 0 Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-03-28 07:30:30 UTC	896	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 48 54 4d 4c 20 34 2e 30 31 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 61 73 79 6e 63 2f 64 64 6c 6a 73 6f 6e 3f 61 73 79 6e 63 3d 6e 74 70 3a 32 3c 2f 74 69 74 6c 65 3e Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"><meta name="viewport" content="initial-scale=1"><title>https://www.google.com/async/ddljson?async=ntp:2</title>
2024-03-28 07:30:30 UTC	1252	IN	Data Raw: 62 6d 69 74 43 61 6c 6c 62 61 63 6b 20 3d 20 66 75 6e 63 74 69 6f 6e 28 72 65 73 70 6f 6e 73 65 29 20 7b 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 27 63 61 70 74 63 68 61 2d 66 6f 72 6d 27 29 2e 73 75 62 6d 69 74 28 29 3b 7d 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 64 69 76 20 69 64 3d 22 72 65 63 61 70 74 63 68 61 22 20 63 6c 61 73 73 3d 22 67 2d 72 65 63 61 70 74 63 68 61 22 20 64 61 74 61 2d 73 69 74 65 6b 65 79 3d 22 36 4c 66 77 75 79 55 54 41 41 41 41 41 4f 41 6d 6f 53 30 66 64 71 69 6a 43 32 50 62 62 64 48 34 6b 6a 71 36 32 59 31 62 22 20 64 61 74 61 2d 63 61 6c 6c 62 61 63 6b 3d 22 73 75 62 6d 69 74 43 61 6c 6c 62 61 63 6b 22 20 64 61 74 61 2d 73 3d 22 5a 6a 35 73 56 70 67 38 63 58 72 37 4e 56 53 75 66 34 56 30 4d 31 58 6a Data Ascii: bmitCallback = function(response) {document.getElementById('captcha-form').submit();};</script><div id="recaptcha" class="g-recaptcha" data-sitekey="6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b" data-callback="submitCallback" data-s="Zj5sVpg8cXr7NVSuf4V0M1Xj
2024-03-28 07:30:30 UTC	982	IN	Data Raw: 67 65 20 61 70 70 65 61 72 73 20 77 68 65 6e 20 47 6f 6f 67 6c 65 20 61 75 74 6f 6d 61 74 69 63 61 6c 6c 79 20 64 65 74 65 63 74 73 20 72 65 71 75 65 73 74 73 20 63 6f 6d 69 6e 67 20 66 72 6f 6d 20 79 6f 75 72 20 63 6f 6d 70 75 74 65 72 20 6e 65 74 77 6f 72 6b 20 77 68 69 63 68 20 61 70 70 65 61 72 20 74 6f 20 62 65 20 69 6e 20 76 69 6f 6c 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 3c 61 20 68 72 65 66 3d 22 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 70 6f 6c 69 63 69 65 73 2f 74 65 72 6d 73 2f 22 3e 54 65 72 6d 73 20 6f 66 20 53 65 72 76 69 63 65 3c 2f 61 3e 2e 20 54 68 65 20 62 6c 6f 63 6b 20 77 69 6c 6c 20 65 78 70 69 72 65 20 73 68 6f 72 74 6c 79 20 61 66 74 65 72 20 74 68 6f 73 65 20 72 65 71 75 65 73 74 73 20 73 74 6f 70 2e 20 20 49 6e 20 74 68 Data Ascii: ge appears when Google automatically detects requests coming from your computer network which appear to be in violation of the <a href="//www.google.com/policies/terms/">Terms of Service</a>. The block will expire shortly after those requests stop. In th

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.16	49726	172.253.122.105	443	6208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 07:30:33 UTC	824	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-28-07
2024-03-28 07:30:33 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 07:30:33 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-lBddaQ1hBZA0Hi0Q1pgbTw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-03-28 07:30:33 UTC	1703	IN	Data Raw: 37 30 33 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 73 74 75 64 65 6e 74 20 70 72 6f 74 65 73 74 73 20 76 61 6e 64 65 72 62 69 6c 74 22 2c 22 68 6f 75 73 74 6f 6e 20 6f 70 65 6e 20 67 6f 6c 66 22 2c 22 74 65 73 74 61 6d 65 6e 74 20 74 68 65 20 73 74 6f 72 79 20 6f 66 20 6d 6f 73 65 73 20 6e 65 74 66 6c 69 78 22 2c 22 71 75 6f 72 64 6c 65 20 68 69 6e 74 73 20 74 6f 64 61 79 22 2c 22 64 61 69 72 79 20 71 75 65 65 6e 20 66 72 65 65 20 62 6c 69 7a 7a 61 72 64 73 20 6d 65 6e 75 22 2c 22 68 31 62 20 76 69 73 61 20 6c 6f 74 74 65 72 79 20 72 65 73 75 6c 74 73 22 2c 22 76 65 6e 74 75 72 65 20 6f 76 65 72 77 61 74 63 68 20 68 65 72 6f 22 2c 22 77 77 65 20 77 72 65 73 74 6c 65 6d 61 6e 69 61 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 Data Ascii: 703)]}'["",["student protests vanderbilt","houston open golf","testament the story of moses netflix","quordle hints today","dairy queen free blizzards menu","h1b visa lottery results","venture overwatch hero","wwe wrestlemania"],["","","","","","","","
2024-03-28 07:30:33 UTC	99	IN	Data Raw: 51 30 74 4a 52 44 4d 35 5a 46 68 47 5a 45 35 54 62 54 52 4b 63 55 46 76 61 46 6c 31 62 58 56 4c 61 30 35 72 52 55 56 57 62 31 70 6d 4e 45 68 55 5a 33 42 5a 52 47 56 48 53 48 52 74 51 7a 4e 49 63 45 45 79 4d 6c 6c 45 61 46 70 48 51 54 46 75 53 46 46 4f 59 58 4a 58 62 69 39 6e 61 46 6c 5a 5a 0d 0a Data Ascii: Q0tJRDM5ZFhGZE5TbTRKcUFvaFl1bXVLa05rRUVWb1pmNEhUZ3BZRGVHSHRtQzNIcEEyMllEaFpHQTFuSFFOYXJXbi9naFlZZ
2024-03-28 07:30:33 UTC	1252	IN	Data Raw: 64 39 34 0d 0a 6c 6c 52 4d 57 68 49 59 55 68 49 55 31 4a 6e 4d 45 4a 61 62 47 31 78 53 44 56 44 4d 45 77 78 64 55 4e 53 54 45 52 59 65 55 31 53 52 47 31 31 53 55 52 36 4f 47 39 4e 63 48 68 53 52 7a 4a 68 63 58 42 33 54 44 52 6a 62 33 6c 74 55 6d 55 72 51 57 77 30 61 46 64 35 4f 53 39 4b 53 31 46 50 53 55 78 74 64 6a 4a 31 4d 58 52 58 4e 30 5a 44 65 45 34 31 52 30 39 74 64 47 63 79 4e 32 46 46 64 56 4e 45 57 53 74 42 5a 7a 41 78 57 44 45 78 51 6b 64 68 57 47 74 43 63 45 6c 53 54 57 56 34 55 6e 6c 52 56 55 6c 6e 55 57 5a 5a 51 58 52 4e 56 30 78 4c 5a 6e 55 78 53 6a 52 70 61 30 52 55 61 56 64 55 55 7a 4e 71 63 44 56 44 63 45 78 30 52 57 6c 4a 56 44 46 6a 63 31 52 58 4d 55 5a 35 56 46 4a 34 5a 55 6c 7a 4e 46 52 73 65 47 6c 31 64 6e 6c 43 52 58 42 47 52 31 42 Data Ascii: d94llRMWhIYUhIU1JnMEJabG1xSDVDMEwxdUNSTERYeU1SRG11SUR6OG9NcHhSRzJhcXB3TDRjb3ltUmUrQWw0aFd5OS9KS1FPSUxtdjJ1MXRXN0ZDeE41R09tdGcyN2FFdVNEWStBZzAxWDExQkdhWGtCcElSTWV4UnlRVUlnUWZZQXRNV0xLZnUxSjRpa0RUaVdUUzNqcDVDcEx0RWlJVDFjc1RXMUZ5VFJ4ZUlzNFRseGl1dnlCRXBGR1B
2024-03-28 07:30:33 UTC	1252	IN	Data Raw: 51 57 74 43 51 55 74 42 55 58 41 48 22 2c 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 67 6f 6f 67 6c 65 3a 65 6e 74 69 74 79 69 6e 66 6f 22 3a 22 43 67 6b 76 62 53 38 77 4d 6a 49 77 65 6d 73 53 44 46 64 79 5a 58 4e 30 62 47 56 4e 59 57 35 70 59 54 4c 66 43 57 52 68 64 47 45 36 61 57 31 68 5a 32 55 76 61 6e 42 6c 5a 7a 74 69 59 58 4e 6c 4e 6a 51 73 4c 7a 6c 71 4c 7a 52 42 51 56 46 54 61 31 70 4b 55 6d 64 42 51 6b 46 52 51 55 46 42 55 55 46 43 51 55 46 45 4c 7a 4a 33 51 30 56 42 51 57 74 48 51 6e 64 6e 53 45 4a 6e 61 30 6c 43 64 32 64 4c 51 32 64 72 54 45 52 53 57 56 Data Ascii: QWtCQUtBUXAH","zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CgkvbS8wMjIwemsSDFdyZXN0bGVNYW5pYTLfCWRhdGE6aW1hZ2UvanBlZztiYXNlNjQsLzlqLzRBQVFTa1pKUmdBQkFRQUFBUUFCQUFELzJ3Q0VBQWtHQndnSEJna0lCd2dLQ2drTERSWV
2024-03-28 07:30:33 UTC	979	IN	Data Raw: 43 55 32 56 69 65 6d 5a 34 56 6e 4e 44 62 57 4d 7a 56 6e 56 59 65 48 52 77 4d 56 4a 6f 61 6d 55 79 64 58 46 6f 52 6a 64 42 62 6d 64 50 56 7a 52 43 55 45 68 42 54 30 6c 43 4d 55 68 57 56 6b 30 7a 57 6e 42 4a 56 55 56 78 65 55 74 71 54 44 4a 4b 56 30 63 76 52 6a 4a 6a 55 6d 68 6b 5a 32 59 78 5a 6b 6b 33 57 46 64 79 51 30 68 55 54 6b 6f 34 64 31 46 4d 54 6b 31 6d 52 6c 55 32 51 57 68 6f 52 7a 56 76 64 33 4a 42 52 56 68 43 4e 57 73 7a 53 48 46 6a 55 31 56 32 61 57 74 36 55 45 35 44 57 54 49 33 52 44 56 75 51 56 4a 4b 4e 32 78 44 63 6c 4e 42 52 44 59 32 4e 57 5a 7a 59 30 45 7a 63 6e 4e 77 63 6d 46 78 63 6b 39 6f 63 57 52 4a 52 58 4a 56 63 6b 6b 79 54 48 4e 58 54 45 74 70 61 6c 4e 57 64 47 46 34 53 55 70 32 5a 6a 5a 5a 61 57 4a 77 57 56 52 54 64 45 70 56 4d 55 Data Ascii: CU2ViemZ4VnNDbWMzVnVYeHRwMVJoamUydXFoRjdBbmdPVzRCUEhBT0lCMUhWVk0zWnBJVUVxeUtqTDJKV0cvRjJjUmhkZ2YxZkk3WFdyQ0hUTko4d1FMTk1mRlU2QWhoRzVvd3JBRVhCNWszSHFjU1V2aWt6UE5DWTI3RDVuQVJKN2xDclNBRDY2NWZzY0EzcnNwcmFxck9ocWRJRXJVckkyTHNXTEtpalNWdGF4SUp2ZjZZaWJwWVRTdEpVMU
2024-03-28 07:30:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.16	49727	172.253.122.105	443	6208	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-03-28 07:30:33 UTC	837	OUT	GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=7&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 Host: www.google.com Connection: keep-alive X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlqHLAQj2mM0BCIWgzQEI3L3NAQiSys0BCLnKzQEIx9HNAQiJ080BCNzTzQEIy9bNAQj01s0BCIrXzQEIp9jNAQj5wNQVGLrSzQEYy9jNARjrjaUX Sec-Fetch-Site: none Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: empty User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-28-07
2024-03-28 07:30:33 UTC	1703	IN	HTTP/1.1 200 OK Date: Thu, 28 Mar 2024 07:30:33 GMT Pragma: no-cache Expires: -1 Cache-Control: no-cache, must-revalidate Content-Type: text/javascript; charset=UTF-8 Strict-Transport-Security: max-age=31536000 Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-rzOG0pgztgZltgRpzLMq5Q' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1 Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws" Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]} Accept-CH: Sec-CH-UA-Platform Accept-CH: Sec-CH-UA-Platform-Version Accept-CH: Sec-CH-UA-Full-Version Accept-CH: Sec-CH-UA-Arch Accept-CH: Sec-CH-UA-Model Accept-CH: Sec-CH-UA-Bitness Accept-CH: Sec-CH-UA-Full-Version-List Accept-CH: Sec-CH-UA-WoW64 Permissions-Policy: unload=() Origin-Trial: Ap+qNlnLzJDKSmEHjzM5ilaa908GuehlLqGb6ezME5lkhelj20qVzfv06zPmQ3LodoeujZuphAolrnhnPA8w4AIAAABfeyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJQZXJtaXNzaW9uc1BvbGljeVVubG9hZCIsImV4cGlyeSI6MTY4NTY2Mzk5OX0= Origin-Trial: AvudrjMZqL7335p1KLV2lHo1kxdMeIN0dUI15d0CPz9dovVLCcXk8OAqjho1DX4s6NbHbA/AGobuGvcZv0drGgQAAAB9eyJvcmlnaW4iOiJodHRwczovL3d3dy5nb29nbGUuY29tOjQ0MyIsImZlYXR1cmUiOiJCYWNrRm9yd2FyZENhY2hlTm90UmVzdG9yZWRSZWFzb25zIiwiZXhwaXJ5IjoxNjkxNTM5MTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0= Content-Disposition: attachment; filename="f.txt" Server: gws X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Accept-Ranges: none Vary: Accept-Encoding Connection: close Transfer-Encoding: chunked
2024-03-28 07:30:33 UTC	1678	IN	Data Raw: 36 38 37 0d 0a 29 5d 7d 27 0a 5b 22 22 2c 5b 22 73 74 75 64 65 6e 74 20 70 72 6f 74 65 73 74 73 20 76 61 6e 64 65 72 62 69 6c 74 22 2c 22 68 6f 75 73 74 6f 6e 20 6f 70 65 6e 20 67 6f 6c 66 22 2c 22 74 65 73 74 61 6d 65 6e 74 20 74 68 65 20 73 74 6f 72 79 20 6f 66 20 6d 6f 73 65 73 20 6e 65 74 66 6c 69 78 22 2c 22 71 75 6f 72 64 6c 65 20 68 69 6e 74 73 20 74 6f 64 61 79 22 2c 22 64 61 69 72 79 20 71 75 65 65 6e 20 66 72 65 65 20 62 6c 69 7a 7a 61 72 64 73 20 6d 65 6e 75 22 2c 22 68 31 62 20 76 69 73 61 20 6c 6f 74 74 65 72 79 20 72 65 73 75 6c 74 73 22 2c 22 76 65 6e 74 75 72 65 20 6f 76 65 72 77 61 74 63 68 20 68 65 72 6f 22 2c 22 77 77 65 20 77 72 65 73 74 6c 65 6d 61 6e 69 61 22 5d 2c 5b 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 22 2c 22 Data Ascii: 687)]}'["",["student protests vanderbilt","houston open golf","testament the story of moses netflix","quordle hints today","dairy queen free blizzards menu","h1b visa lottery results","venture overwatch hero","wwe wrestlemania"],["","","","","","","","
2024-03-28 07:30:33 UTC	1252	IN	Data Raw: 65 31 30 0d 0a 55 52 47 52 55 52 54 4e 47 46 6a 63 44 6c 79 4b 32 64 74 51 57 56 52 4d 6b 64 6b 51 30 74 4a 52 44 4d 35 5a 46 68 47 5a 45 35 54 62 54 52 4b 63 55 46 76 61 46 6c 31 62 58 56 4c 61 30 35 72 52 55 56 57 62 31 70 6d 4e 45 68 55 5a 33 42 5a 52 47 56 48 53 48 52 74 51 7a 4e 49 63 45 45 79 4d 6c 6c 45 61 46 70 48 51 54 46 75 53 46 46 4f 59 58 4a 58 62 69 39 6e 61 46 6c 5a 5a 6c 6c 52 4d 57 68 49 59 55 68 49 55 31 4a 6e 4d 45 4a 61 62 47 31 78 53 44 56 44 4d 45 77 78 64 55 4e 53 54 45 52 59 65 55 31 53 52 47 31 31 53 55 52 36 4f 47 39 4e 63 48 68 53 52 7a 4a 68 63 58 42 33 54 44 52 6a 62 33 6c 74 55 6d 55 72 51 57 77 30 61 46 64 35 4f 53 39 4b 53 31 46 50 53 55 78 74 64 6a 4a 31 4d 58 52 58 4e 30 5a 44 65 45 34 31 52 30 39 74 64 47 63 79 4e 32 46 Data Ascii: e10URGRURTNGFjcDlyK2dtQWVRMkdkQ0tJRDM5ZFhGZE5TbTRKcUFvaFl1bXVLa05rRUVWb1pmNEhUZ3BZRGVHSHRtQzNIcEEyMllEaFpHQTFuSFFOYXJXbi9naFlZZllRMWhIYUhIU1JnMEJabG1xSDVDMEwxdUNSTERYeU1SRG11SUR6OG9NcHhSRzJhcXB3TDRjb3ltUmUrQWw0aFd5OS9KS1FPSUxtdjJ1MXRXN0ZDeE41R09tdGcyN2F
2024-03-28 07:30:33 UTC	1252	IN	Data Raw: 54 31 4a 4c 4e 55 4e 5a 53 55 6b 39 4f 68 46 6f 62 33 56 7a 64 47 39 75 49 47 39 77 5a 57 34 67 5a 32 39 73 5a 6b 6f 48 49 32 45 7a 4d 57 51 78 59 6c 49 39 5a 33 4e 66 63 33 4e 77 50 57 56 4b 65 6d 6f 30 64 46 52 51 4d 56 52 6b 53 58 4e 55 51 33 42 4c 61 6b 70 6e 4f 55 4a 4d 54 58 6c 44 4f 48 52 4d 63 32 35 51 56 54 68 6e 64 6c 4e 4e 4d 56 52 54 54 56 39 51 55 31 46 4e 51 57 74 43 51 55 74 42 55 58 41 48 22 2c 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 7a 6c 22 3a 31 30 30 30 32 7d 2c 7b 22 67 6f 6f 67 6c 65 3a 65 6e 74 69 74 79 69 6e 66 6f 22 3a 22 43 67 6b 76 62 53 38 77 4d 6a 49 77 65 6d 73 53 44 46 Data Ascii: T1JLNUNZSUk9OhFob3VzdG9uIG9wZW4gZ29sZkoHI2EzMWQxYlI9Z3Nfc3NwPWVKemo0dFRQMVRkSXNUQ3BLakpnOUJMTXlDOHRMc25QVThndlNNMVRTTV9QU1FNQWtCQUtBUXAH","zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CgkvbS8wMjIwemsSDF
2024-03-28 07:30:33 UTC	1103	IN	Data Raw: 30 63 31 42 75 61 47 34 76 62 6b 74 46 61 47 70 48 4d 44 64 6f 52 46 70 35 64 46 42 4b 57 6b 51 32 52 54 4a 7a 52 44 68 45 64 55 31 61 64 57 68 71 51 7a 55 78 62 45 51 77 4d 45 31 72 59 30 78 57 5a 46 56 48 53 7a 42 78 51 6d 4a 59 62 6a 42 6f 62 6c 42 75 56 57 64 42 5a 56 63 78 64 55 31 6b 4d 57 39 6e 63 54 68 77 55 30 64 6e 55 6c 68 58 64 48 45 32 54 33 52 72 51 6a 4e 43 55 32 56 69 65 6d 5a 34 56 6e 4e 44 62 57 4d 7a 56 6e 56 59 65 48 52 77 4d 56 4a 6f 61 6d 55 79 64 58 46 6f 52 6a 64 42 62 6d 64 50 56 7a 52 43 55 45 68 42 54 30 6c 43 4d 55 68 57 56 6b 30 7a 57 6e 42 4a 56 55 56 78 65 55 74 71 54 44 4a 4b 56 30 63 76 52 6a 4a 6a 55 6d 68 6b 5a 32 59 78 5a 6b 6b 33 57 46 64 79 51 30 68 55 54 6b 6f 34 64 31 46 4d 54 6b 31 6d 52 6c 55 32 51 57 68 6f 52 7a Data Ascii: 0c1BuaG4vbktFaGpHMDdoRFp5dFBKWkQ2RTJzRDhEdU1adWhqQzUxbEQwME1rY0xWZFVHSzBxQmJYbjBoblBuVWdBZVcxdU1kMW9ncThwU0dnUlhXdHE2T3RrQjNCU2ViemZ4VnNDbWMzVnVYeHRwMVJoamUydXFoRjdBbmdPVzRCUEhBT0lCMUhWVk0zWnBJVUVxeUtqTDJKV0cvRjJjUmhkZ2YxZkk3WFdyQ0hUTko4d1FMTk1mRlU2QWhoRz
2024-03-28 07:30:33 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	08:29:00
Start date:	28/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?17ef43f9ed42b031
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	08:29:00
Start date:	28/03/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=2000,i,17643291499873608431,12210868481373475866,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff7f9810000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	12
Start time:	08:29:29
Start date:	28/03/2024
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Imagebase:	0x7ff7e1c00000
File size:	71'680 bytes
MD5 hash:	EF3179D498793BF4234F708D3BE28633
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	15
Start time:	08:29:39
Start date:	28/03/2024
Path:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe"
Imagebase:	0x7ff6ccd90000
File size:	3'378'176 bytes
MD5 hash:	7E11B5F9F7A7FE66809577EC83971972
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	20
Start time:	08:30:04
Start date:	28/03/2024
Path:	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe"
Imagebase:	0x7ff6ccd90000
File size:	3'378'176 bytes
MD5 hash:	7E11B5F9F7A7FE66809577EC83971972
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?17ef43f9ed42b031

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Networking

System Summary

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\AC\INetCache\39XPZQUY\ab[1].json

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json (copy)

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json.~tmp

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json~RF3e84b3.TMP (copy)

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json~RF3e9378.TMP (copy)

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json~RF3e9397.TMP (copy)

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json~RF3eec46.TMP (copy)

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json~RF3efca2.TMP (copy)

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json~RF3f100b.TMP (copy)

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json~RF3f102a.TMP (copy)

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_0.bin

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_1.bin

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_2.bin

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_3.bin

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_4.bin

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_5.bin

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_6.bin

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_7.bin

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\Canvas_8.bin

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\EngineConfigId.bin

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder (2)\SceneData.bin

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_0.bin

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_1.bin

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_2.bin

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_3.bin

C:\Users\user\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\WorkingFolder\Canvas_4.bin

Windows Analysis Report
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/pinrulesstl.cab?17ef43f9ed42b031