Windows Analysis Report
https://liumugan.com/click.php?key=u68h3lc85fvstvrsqxpm&cid=com39uqovn9vqlj36hdg&zone=3777459-3943232122-3786755655&campaign=321305220&type=Push&age=0&creative_id=376401&campaign_id=88260&site_id=4840&placement_id=42664961&preset_id=494

Overview

General Information

Sample URL: https://liumugan.com/click.php?key=u68h3lc85fvstvrsqxpm&cid=com39uqovn9vqlj36hdg&zone=3777459-3943232122-3786755655&campaign=321305220&type=Push&age=0&creative_id=376401&campaign_id=88260&site_id=4840
Analysis ID: 1432427
Infos:

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Stores files to the Windows start menu directory (Chrome's own app shortcuts written to Start Menu\Programs\Chrome Apps; see the file-creation records below)
Uses insecure TLS / SSL version for HTTPS connection (one TLS 1.0 session with 23.1.237.91:443; see the network records below)
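Both signatures above are generic: any write under the Start Menu folder and any TLS 1.0/1.1 handshake will trigger them, whichever process is responsible, so a triage pass has to read the raw records to decide what actually fired them. In this report the TLS hit is a single TLS 1.0 connection from 23.1.237.91:443, an address for which the trace shows no DNS lookup, and the Start Menu writes are Chrome's app shortcuts (Google Drive, YouTube, Sheets, Gmail, Slides, Docs) created after an automated click on "Install"; the overall score of 1 reflects that neither was attributed to the sample. The Python below is an added example, not part of the report or of the sandbox's code: it parses records in the one-line-per-event shape used on this page, collects weak-TLS handshakes, connections with no observed DNS resolution, and Start Menu writes, and separates ordinary shortcuts under Programs from entries in the Startup folder, which run at logon. The sample records are constructed; the Startup\update.lnk line is made up to exercise that branch and does not appear in this report.

```python
import re
from collections import Counter

# Constructed sample records in the same one-line-per-event shape as the report.
# The Startup\update.lnk line is made up to exercise the autostart branch; it is
# not in the report being edited.
SAMPLE_RECORDS = r"""
Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49727 version: TLS 1.0
Source: unknown HTTPS traffic detected: 104.76.104.139:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.104.139
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: liumugan.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk Jump to behavior
"""

# Protocol versions that should not be negotiated by a modern client or server.
WEAK_TLS = {"SSLv2", "SSLv3", "TLS 1.0", "TLS 1.1"}

RE_TLS = re.compile(r"HTTPS traffic detected: (\S+):\d+ -> \S+:(\d+) version: (SSLv\d|TLS [\d.]+)")
RE_NODNS = re.compile(r"(TCP|UDP) traffic detected without corresponding DNS query: (\S+)")
RE_DNS = re.compile(r"DNS traffic detected: DNS query: (\S+)")
# The trailing "Jump to behavior" is page residue, so it is stripped from the path.
RE_FILE = re.compile(r"File created: (.+?)(?: Jump to behavior)?$")


def classify_start_menu(path):
    """Return 'autostart' for the Startup folder, 'shortcut' for any other Start Menu
    location, and None for paths outside the Start Menu."""
    p = path.lower()
    if "\\start menu\\" not in p:
        return None
    if "\\start menu\\programs\\startup\\" in p:
        return "autostart"  # executed at every logon: a persistence location
    return "shortcut"       # an ordinary menu entry such as Chrome's app shortcuts


def triage(records):
    """Parse one-line-per-event records and group the facts a reviewer needs."""
    weak_tls = {}        # client port -> (server ip, negotiated version)
    no_dns = Counter()   # ip -> connections with no DNS lookup seen in the trace
    resolved = []        # hostnames the sandbox saw being resolved
    start_menu = []      # (classification, path) for writes under the Start Menu
    for line in records.strip().splitlines():
        if m := RE_TLS.search(line):
            ip, port, ver = m.groups()
            if ver in WEAK_TLS:
                weak_tls[int(port)] = (ip, ver)
        elif m := RE_NODNS.search(line):
            no_dns[m.group(2)] += 1
        elif m := RE_DNS.search(line):
            resolved.append(m.group(1))
        elif m := RE_FILE.search(line):
            kind = classify_start_menu(m.group(1))
            if kind:
                start_menu.append((kind, m.group(1)))
    return {"weak_tls": weak_tls, "no_dns": no_dns,
            "resolved": resolved, "start_menu": start_menu}


def notable(findings):
    """Human-readable notes for the records that deserve a second look: weak TLS
    (flagging peers that were never resolved by name) and Startup-folder writes."""
    notes = []
    for port, (ip, ver) in sorted(findings["weak_tls"].items()):
        direct = " (no DNS lookup observed for this IP)" if ip in findings["no_dns"] else ""
        notes.append(f"{ver} to {ip} on client port {port}{direct}")
    for kind, path in findings["start_menu"]:
        if kind == "autostart":
            notes.append(f"autostart entry written: {path}")
    return notes


if __name__ == "__main__":
    for note in notable(triage(SAMPLE_RECORDS)):
        print(note)
```

Run on the constructed records, the script reports the TLS 1.0 session to 23.1.237.91 together with the fact that no lookup was seen for that address, and the made-up Startup-folder write; the Chrome Apps shortcut is classified as an ordinary shortcut and is not reported, which is the distinction the Start Menu signature itself does not make.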

Classification

Source: unknown HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49727 version: TLS 1.0
Source: unknown HTTPS traffic detected: 104.76.104.139:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.76.104.139:443 -> 192.168.2.5:49725 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91 (18 occurrences)
Source: unknown TCP traffic detected without corresponding DNS query: 104.76.104.139 (19 occurrences)
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1 (5 occurrences)
Source: global traffic HTTP traffic detected:
    GET /click.php?key=u68h3lc85fvstvrsqxpm&cid=com39uqovn9vqlj36hdg&zone=3777459-3943232122-3786755655&campaign=321305220&type=Push&age=0&creative_id=376401&campaign_id=88260&site_id=4840&placement_id=42664961&preset_id=494 HTTP/1.1
    Host: liumugan.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: navigate
    Sec-Fetch-User: ?1
    Sec-Fetch-Dest: document
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
    GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
    GET /async/newtab_promos HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
    GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected:
    GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgSaEMC5GNaBsbEGIjBJ2HrbCfCIDrTmdlNO1XeoQsneEL4azbZ9RAYtwFOVqi08eifysRl1vof76mryV00yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: 1P_JAR=2024-04-27-00; NID=513=KjrZD5xxsxnqZv4TYKlRGygV_lOeDx_QiY8vGkMjaifiEUll9PFgJhVDSmvoaBdyydArxf92nhe3Nk8GT6OU3VcjDYCaE-68dcwQz7vnxb8tL2T2QFd3X3iNE5wxO31Kqj9yqDyNqzgTfBXZGzt_k5CE5qZ3dc3JJpmPzJBgXUo
Source: global traffic HTTP traffic detected:
    GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgSaEMC5GNaBsbEGIjBCMg7DH_zbUP46wgbHI7zd-LMplAbIlnyAa2nU2W-NXoYPW1lInh_pM-Zjfz3fX6gyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1
    Host: www.google.com
    Connection: keep-alive
    X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlaHLAQiFoM0BCNy9zQEI2sPNAQjpxc0BCLnKzQEIv9HNAQiK080BCNDWzQEIqNjNAQj5wNQVGI/OzQEYutLNARjC2M0BGOuNpRc=
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: 1P_JAR=2024-04-27-00; NID=513=DYMF9ZW8yaHJAfpT6EL066txgmvXs-i7Ad8bBuX3rLyfR8f1LzGE0YBdWxp14hejkNHiBgPoFPBsbNig1QImiBU1UfjKUx98YqgwBLEkkX3fdx9KCz6voCu__5UUdO04Z8TsUWTQy0G0sZY4a9DT_P9jcUAcYhWQaiwT0Era6Hs
Source: global traffic HTTP traffic detected:
    GET /click.php?lp=1&uclick=xoydyd9li4 HTTP/1.1
    Host: liumugan.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: same-origin
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://liumugan.com/click.php?key=u68h3lc85fvstvrsqxpm&cid=com39uqovn9vqlj36hdg&zone=3777459-3943232122-3786755655&campaign=321305220&type=Push&age=0&creative_id=376401&campaign_id=88260&site_id=4840&placement_id=42664961&preset_id=494
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
    Cookie: uclick=xoydyd9li4; uclickhash=xoydyd9li4-xoydyd9li4-gh8n-7ve8-cim7-g5b4-g5nt-063e35
Source: global traffic HTTP traffic detected:
    GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: chromecache_67.2.dr String found in binary or memory: "https://www.facebook.com/AppStore/" equals www.facebook.com (Facebook)
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: liumugan.com
Source: unknown HTTP traffic detected:
    POST /threshold/xls.aspx HTTP/1.1
    Origin: https://www.bing.com
    Referer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/Init
    Accept: */*
    Accept-Language: en-CH
    Content-type: text/xml
    X-Agent-DeviceId: 01000A410900D492
    X-BM-CBT: 1696428841
    X-BM-DateFormat: dd/MM/yyyy
    X-BM-DeviceDimensions: 784x984
    X-BM-DeviceDimensionsLogical: 784x984
    X-BM-DeviceScale: 100
    X-BM-DTZ: 120
    X-BM-Market: CH
    X-BM-Theme: 000000;0078d7
    X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66E
    X-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22
    X-Device-isOptin: false
    X-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}
    X-Device-OSSKU: 48
    X-Device-Touch: false
    X-DeviceID: 01000A410900D492
    X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticsh
    X-MSEdge-ExternalExpType: JointCoord
    X-PositionerType: Desktop
    X-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
    X-Search-CortanaAvailableCapabilities: None
    X-Search-SafeSearch: Moderate
    X-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard Time
    X-UserAgeClass: Unknown
    Accept-Encoding: gzip, deflate, br
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045
    Host: www.bing.com
    Content-Length: 2484
    Connection: Keep-Alive
    Cache-Control: no-cache
    Cookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1714176193007&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF
Source: chromecache_67.2.dr String found in binary or memory: http://schema.org
Source: chromecache_67.2.dr String found in binary or memory: http://www.apple.com/uk/itunes/download/
Source: chromecache_67.2.dr String found in binary or memory: https://amp-api-edge.apps.apple.com
Source: chromecache_67.2.dr String found in binary or memory: https://apps.apple.com/
Source: chromecache_67.2.dr String found in binary or memory: https://apps.apple.com/#organization
Source: chromecache_67.2.dr String found in binary or memory: https://apps.apple.com/assets/images/knowledge-graph/apps.png
Source: chromecache_67.2.dr String found in binary or memory: https://apps.apple.com/story/id1538632801
Source: chromecache_67.2.dr String found in binary or memory: https://apps.apple.com/uy/app/onetab/id1540160809?mt=12
Source: chromecache_67.2.dr String found in binary or memory: https://apps.apple.com/uy/developer/onetab-ltd/id1540160811
Source: chromecache_67.2.dr String found in binary or memory: https://apps.apple.com/uy/developer/onetab-ltd/id1540160811"
Source: chromecache_64.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_66.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_67.2.dr String found in binary or memory: https://is1-ssl.mzstatic.com
Source: chromecache_67.2.dr String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Features116/v4/1c/2b/7c/1c2b7cc6-e029-9bf9-f26f-4b5f533ee2f
Source: chromecache_67.2.dr String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Features116/v4/6e/e2/e7/6ee2e7db-bf98-0d30-7adf-15aa80debeb
Source: chromecache_67.2.dr String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Features126/v4/09/15/89/091589bc-f33b-2d71-9e77-2ef3729cd95
Source: chromecache_67.2.dr String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/Purple126/v4/dd/ab/aa/ddabaa74-a686-2677-8eda-6bd6603d57d5/
Source: chromecache_67.2.dr String found in binary or memory: https://is1-ssl.mzstatic.com/image/thumb/PurpleSource124/v4/c9/ce/32/c9ce321d-9cde-8a42-daf3-265b822
Source: chromecache_67.2.dr String found in binary or memory: https://is2-ssl.mzstatic.com
Source: chromecache_67.2.dr String found in binary or memory: https://is3-ssl.mzstatic.com
Source: chromecache_67.2.dr String found in binary or memory: https://is4-ssl.mzstatic.com
Source: chromecache_67.2.dr String found in binary or memory: https://is5-ssl.mzstatic.com
Source: chromecache_67.2.dr String found in binary or memory: https://itunes.apple.com/subscribe?app=music
Source: chromecache_67.2.dr String found in binary or memory: https://itunes.apple.com/uy/genre/id6002
Source: chromecache_67.2.dr String found in binary or memory: https://itunes.apple.com/uy/genre/id6007
Source: chromecache_67.2.dr String found in binary or memory: https://itunes.apple.com/uy/genre/id6007"
Source: chromecache_67.2.dr String found in binary or memory: https://js-cdn.music.apple.com
Source: chromecache_67.2.dr String found in binary or memory: https://js-cdn.music.apple.com/musickit/v2/amp/musickit.js?t=1713369093418
Source: chromecache_67.2.dr String found in binary or memory: https://js-cdn.music.apple.com/musickit/v2/components/musickit-components/
Source: chromecache_67.2.dr String found in binary or memory: https://js-cdn.music.apple.com/musickit/v2/components/musickit-components//musickit-components.esm.j
Source: chromecache_67.2.dr String found in binary or memory: https://js-cdn.music.apple.com/musickit/v2/components/musickit-components//musickit-components.js?t=
Source: chromecache_67.2.dr String found in binary or memory: https://locate.apple.com/findlocations#latin_america
Source: chromecache_67.2.dr String found in binary or memory: https://osxapps.itunes.apple.com/itunes-assets/Purple116/v4/84/ed/fd/84edfd82-7564-f0a9-a14c-c3d6a1c
Source: chromecache_67.2.dr String found in binary or memory: https://schema.org
Source: chromecache_67.2.dr String found in binary or memory: https://support.apple.com/en-lamr
Source: chromecache_67.2.dr String found in binary or memory: https://twitter.com/AppStore
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/#organization
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/api-www/global-elements/global-header/v1/assets/globalheader.css
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/choose-country-region/
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/ios/app-store/
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/itunes/download/
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/lae/
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/lae/airpods/
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/lae/buy/
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/lae/entertainment/
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/lae/ipad/
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/lae/iphone/
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/lae/legal/
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/lae/mac/
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/lae/privacy/privacy-policy/
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/lae/sitemap/
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/lae/tv-home/
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/lae/watch/
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/uk/apple-arcade/
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/uk/ios/app-store/
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/uk/macos/mojave-preview/#mac-app-store
Source: chromecache_67.2.dr String found in binary or memory: https://www.apple.com/uy/macos/
Source: chromecache_67.2.dr String found in binary or memory: https://www.one-tab.com
Source: chromecache_67.2.dr String found in binary or memory: https://www.one-tab.com/help
Source: chromecache_67.2.dr String found in binary or memory: https://www.one-tab.com/privacy
Source: chromecache_67.2.dr String found in binary or memory: https://www.wikidata.org/wiki/Q368215
Source: chromecache_67.2.dr String found in binary or memory: https://xp.apple.com
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 49735 -> 443
Source: classification engine Classification label: clean1.win@23/17@5/4
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2312,i,15348303060699435213,13828138307397343340,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http:///
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2012,i,5295697509498573612,12469979411249020970,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://liumugan.com/click.php?key=u68h3lc85fvstvrsqxpm&cid=com39uqovn9vqlj36hdg&zone=3777459-3943232122-3786755655&campaign=321305220&type=Push&age=0&creative_id=376401&campaign_id=88260&site_id=4840&placement_id=42664961&preset_id=494"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown (16 occurrences)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 --field-trial-handle=2312,i,15348303060699435213,13828138307397343340,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 --field-trial-handle=2012,i,5295697509498573612,12469979411249020970,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Automated click: Install (5 occurrences)
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
[Legend of the report's IP-distribution chart, image not included: No. of IPs < 25%; 25% < No. of IPs < 50%; 50% < No. of IPs < 75%; 75% < No. of IPs]