Windows Analysis Report
Nexora.exe

Overview

General Information

Sample name: Nexora.exe
Analysis ID: 1634505
MD5: ffe3ebc89728953cb860feb157042685
SHA1: 8253a64375a3a7c4e5e35fc5ea31b9b7c8dcd3dd
SHA256: 59f40bd2af2ae0929a88afe584e866e701ffed6165a43b3ae0b493c1639c2f1a
Tags: exe, LummaStealer, user-TornadoAV_dev
Infos:

Detection

Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Attempt to bypass Chrome Application-Bound Encryption
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
.NET source code contains potential unpacker
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Nexora.exe (PID: 7164 cmdline: "C:\Users\user\Desktop\Nexora.exe" MD5: FFE3EBC89728953CB860FEB157042685)
    • AppLaunch.exe (PID: 6696 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe" MD5: 89D41E1CF478A3D3C2C701A27A5692B2)
      • chrome.exe (PID: 6916 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223 MD5: E81F54E6C1129887AEA47E7D092680BF)
        • chrome.exe (PID: 2668 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2260,i,1949960776380522775,10280748617452592649,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2360 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.1055257391.0000000003A81000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000000.00000002.1053275828.0000000003280000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown |
  • 0x135878:$x64: 06 B8 03 40 00 80 C3 4C 8B 49 10 49
  • 0x138e0e:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000000.00000002.1078653545.0000000004DFD000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000002.00000002.2142277950.00000000050F9000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.1095530079.0000000006790000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

Source | Rule | Description | Author | Strings
0.2.Nexora.exe.4dff9f7.1.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.Nexora.exe.4a85570.6.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.Nexora.exe.4dff9f7.1.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.Nexora.exe.6790000.11.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.Nexora.exe.6790000.11.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

                    System Summary

                    Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe", ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe, ParentProcessId: 6696, ParentProcessName: AppLaunch.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223, ProcessId: 6916, ProcessName: chrome.exe
                    Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                    2025-03-11T00:43:05.415879+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.7 | 49684 | 172.67.152.244 | 443 | TCP

                    AV Detection

                    Source: Nexora.exe, Avira: detected
                    Source: Nexora.exe, Virustotal: Detection: 20%
                    Source: Nexora.exe, ReversingLabs: Detection: 21%
                    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.6% probability
                    Source: Nexora.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                    Source: unknown, HTTPS traffic detected: 172.67.152.244:443 -> 192.168.2.7:49684 version: TLS 1.2
                    Source: Nexora.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Nexora.exe, 00000000.00000002.1078653545.0000000004C6C000.00000004.00000800.00020000.00000000.sdmp, Nexora.exe, 00000000.00000002.1101711552.0000000007020000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Nexora.exe, 00000000.00000002.1078653545.0000000004C6C000.00000004.00000800.00020000.00000000.sdmp, Nexora.exe, 00000000.00000002.1101711552.0000000007020000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: Nexora.exe, 00000000.00000002.1078653545.0000000004B7D000.00000004.00000800.00020000.00000000.sdmp, Nexora.exe, 00000000.00000002.1097026607.0000000006820000.00000004.08000000.00040000.00000000.sdmp, Nexora.exe, 00000000.00000002.1078653545.0000000004A81000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: Nexora.exe, 00000000.00000002.1078653545.0000000004B7D000.00000004.00000800.00020000.00000000.sdmp, Nexora.exe, 00000000.00000002.1097026607.0000000006820000.00000004.08000000.00040000.00000000.sdmp, Nexora.exe, 00000000.00000002.1078653545.0000000004A81000.00000004.00000800.00020000.00000000.sdmp
                    Source: global trafficTCP traffic: 192.168.2.7:62353 -> 1.1.1.1:53
                    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                    Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49684 -> 172.67.152.244:443
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_00425A50 recv,2_2_00425A50
                    Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIkqHLAQiKo8sBCIWgzQEI9s/OAQiB1s4BCMnczgEIhODOAQii5M4BCK/kzgEI6eTOAQ==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIkqHLAQiKo8sBCIWgzQEI9s/OAQiB1s4BCMnczgEIhODOAQii5M4BCK/kzgEI6eTOAQ==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.uiLLJjqnhCQ.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8NP2y291iiPDmfAN0GV3dvCuqlYA/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*X-Client-Data: CI62yQEIpLbJAQipncoBCNrwygEIkqHLAQiKo8sBCIWgzQE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
                    Source: global trafficHTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
                    Source: chrome.exe, 00000003.00000002.2163338931.00000F5C00A34000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
                    Source: chrome.exe, 00000003.00000002.2163338931.00000F5C00A34000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                    Source: chrome.exe, 00000003.00000002.2163338931.00000F5C00A34000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
                    Source: chrome.exe, 00000003.00000002.2163338931.00000F5C00A34000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
                    Source: chrome.exe, 00000003.00000002.2160232191.00000F5C0044C000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                    Source: global traffic DNS traffic detected: DNS query: cueddlycrea.run
                    Source: global traffic DNS traffic detected: DNS query: www.google.com
                    Source: global traffic DNS traffic detected: DNS query: apis.google.com
                    Source: global traffic DNS traffic detected: DNS query: play.google.com
                    Source: global traffic DNS traffic detected: DNS query: beacons.gcp.gvt2.com
                    Source: unknown HTTP traffic detected: POST /PQWzd HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 61 Host: cueddlycrea.run
                    Source: Nexora.exe String found in binary or memory: http://avsdop.com/AVSWebService/utf-8http://avsdop.com/AVSWebService/AVSRequest%llu%cX1
                    Source: Nexora.exe String found in binary or memory: http://schemas.datacontract.org/2004/07/Microsoft.Terminology.WebService.Index.Core
                    Source: Nexora.exe String found in binary or memory: http://schemas.datacontract.org/2004/07/Microsoft.Terminology.WebService.Index.Entities
                    Source: Nexora.exe String found in binary or memory: http://schemas.xmlsoap.org/soap/encoding/
                    Source: Nexora.exe String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                    Source: Nexora.exe, 00000000.00000002.1055257391.0000000003A81000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: Nexora.exe String found in binary or memory: http://schemas.xmlsoap.org/wsdl/
                    Source: Nexora.exe String found in binary or memory: http://schemas.xmlsoap.org/wsdl/http/
                    Source: Nexora.exe String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap/
                    Source: Nexora.exe String found in binary or memory: http://schemas.xmlsoap.org/wsdl/soap12/SV
                    Source: chrome.exe, 00000003.00000002.2164637032.00000F5C00E04000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://unisolated.invalid/
                    Source: Nexora.exe String found in binary or memory: http://www.avsdop.com/avswebservice/service.asmx
                    Source: Nexora.exe String found in binary or memory: http://www.avsdop.com/avswebservice/service.asmxAVS4YOU
                    Source: Nexora.exe String found in binary or memory: http://www.borland.com/namespaces/Types
                    Source: Nexora.exe String found in binary or memory: http://www.borland.com/rootpart.xml
                    Source: chromecache_82.4.dr String found in binary or memory: http://www.broofa.com
                    Source: chrome.exe, 00000003.00000002.2159265106.00000F5C00204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
                    Source: chrome.exe, 00000003.00000002.2159265106.00000F5C00204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
                    Source: chrome.exe, 00000003.00000002.2158008864.00000F5C00074000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
                    Source: chromecache_80.4.drString found in binary or memory: https://accounts.google.com/o/oauth2/auth
                    Source: chromecache_80.4.drString found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
                    Source: chrome.exe, 00000003.00000002.2159105166.00000F5C001E8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/revoke
                    Source: chrome.exe, 00000003.00000002.2159105166.00000F5C001E8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/oauth/multilogin
                    Source: chrome.exe, 00000003.00000002.2159105166.00000F5C001E8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/samlredirect
                    Source: chrome.exe, 00000003.00000002.2159265106.00000F5C00204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
                    Source: chrome.exe, 00000003.00000002.2161435600.00000F5C00720000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com:443
                    Source: Nexora.exeString found in binary or memory: https://api-free.deepl.com/v2/languages?auth_key=%s&type=%s
                    Source: Nexora.exeString found in binary or memory: https://api-free.deepl.com/v2/translate?auth_key=%s&text=%s&source_lang=%s&target_lang=%s
                    Source: Nexora.exeString found in binary or memory: https://api.cognitive.microsofttranslator.com/languages?api-version=3.0&scope=translation
                    Source: Nexora.exeString found in binary or memory: https://api.cognitive.microsofttranslator.com/translate?api-version=3.0&from=%s&to=%s
                    Source: Nexora.exeString found in binary or memory: https://api.deepl.com/v2/languages?auth_key=%s&type=%s
                    Source: Nexora.exeString found in binary or memory: https://api.deepl.com/v2/translate?auth_key=%s&text=%s&source_lang=%s&target_lang=%s
                    Source: chrome.exe, 00000003.00000003.1261490295.00000F5C01ED4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2173916488.00000F5C01EE1000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1262151073.00000F5C01F60000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1261717864.00000F5C01F34000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1262026307.00000F5C01EF8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1261749948.00000F5C01F3C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1261785279.00000F5C01F44000.00000004.00001000.00020000.00000000.sdmp, chromecache_82.4.dr, chromecache_80.4.drString found in binary or memory: https://apis.google.com
                    Source: chrome.exe, 00000003.00000002.2167835360.00000F5C012E0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2158438659.00000F5C000F8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uiLLJjqnhCQ.O/m=gapi_iframes
                    Source: Nexora.exeString found in binary or memory: https://avs4you.com/
                    Source: Nexora.exeString found in binary or memory: https://avs4you.com/ru/de/fr/es/it/jp/nl/ko/pt/pl/da/uninstall-offer.aspx?SRC=InProductUninstallopen
                    Source: chrome.exe, 00000003.00000002.2162569333.00000F5C0095C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/
                    Source: chrome.exe, 00000003.00000003.1157961790.00000F5C00584000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1157924241.00000F5C01394000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1158044121.00000F5C01004000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1143757309.00000F5C01420000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://calendar.google.com
                    Source: chrome.exe, 00000003.00000002.2164170486.00000F5C00CB4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2165629127.00000F5C010A8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2163675141.00000F5C00B38000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
                    Source: chrome.exe, 00000003.00000002.2164564529.00000F5C00DE4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: chrome.exe, 00000003.00000002.2164564529.00000F5C00DE4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: chrome.exe, 00000003.00000002.2164564529.00000F5C00DE4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: chrome.exe, 00000003.00000003.1144133822.00000F5C014C0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2162427469.00000F5C00914000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                    Source: chrome.exe, 00000003.00000002.2149906225.0000019A11DD0000.00000002.00000001.00040000.00000013.sdmpString found in binary or memory: https://chrome.google.com/webstore/category/extensions
                    Source: chrome.exe, 00000003.00000002.2170684788.00000F5C016F4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2164669390.00000F5C00E18000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2163997667.00000F5C00C04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2163272399.00000F5C00A0C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
                    Source: chrome.exe, 00000003.00000002.2149906225.0000019A11DD0000.00000002.00000001.00040000.00000013.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en&category=theme81https://myactivity.google.com/myactivity/?u
                    Source: chrome.exe, 00000003.00000002.2149906225.0000019A11DD0000.00000002.00000001.00040000.00000013.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=enCtrl$1
                    Source: chrome.exe, 00000003.00000003.1144133822.00000F5C014C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
                    Source: chrome.exe, 00000003.00000002.2149906225.0000019A11DD0000.00000002.00000001.00040000.00000013.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled
                    Source: chrome.exe, 00000003.00000002.2149906225.0000019A11DD0000.00000002.00000001.00040000.00000013.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
                    Source: chrome.exe, 00000003.00000002.2149906225.0000019A11DD0000.00000002.00000001.00040000.00000013.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
                    Source: chrome.exe, 00000003.00000002.2149906225.0000019A11DD0000.00000002.00000001.00040000.00000013.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist
                    Source: chrome.exe, 00000003.00000002.2149906225.0000019A11DD0000.00000002.00000001.00040000.00000013.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
                    Source: chrome.exe, 00000003.00000002.2149906225.0000019A11DD0000.00000002.00000001.00040000.00000013.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist
                    Source: chrome.exe, 00000003.00000003.1096035939.00000F5800504000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1159490729.00000F5C01A6C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/
                    Source: chrome.exe, 00000003.00000003.1159490729.00000F5C01A04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1208897185.00000F5C01890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1097649106.00000F5800622000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
                    Source: chrome.exe, 00000003.00000003.1159490729.00000F5C01A6C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
                    Source: chrome.exe, 00000003.00000003.1159490729.00000F5C01A04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1208897185.00000F5C01890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1097649106.00000F5800622000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
                    Source: chrome.exe, 00000003.00000003.1159490729.00000F5C01A6C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/AttributionReportingCrossAppWeb
                    Source: chrome.exe, 00000003.00000003.1159490729.00000F5C01A6C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1095564841.00000F58004E0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1095156397.00000F58004D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
                    Source: chrome.exe, 00000003.00000003.1159490729.00000F5C01A04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1208897185.00000F5C01890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1097649106.00000F5800622000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
                    Source: chrome.exe, 00000003.00000002.2161712304.00000F5C007B8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromemodelexecution-pa.googleapis.com/v1:Execute?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNh
                    Source: chrome.exe, 00000003.00000002.2161712304.00000F5C007B8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromemodelquality-pa.googleapis.com/v1:LogAiData?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNh
                    Source: chrome.exe, 00000003.00000002.2159265106.00000F5C00204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
                    Source: chrome.exe, 00000003.00000002.2159265106.00000F5C00204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
                    Source: chrome.exe, 00000003.00000002.2149906225.0000019A11DD0000.00000002.00000001.00040000.00000013.sdmpString found in binary or memory: https://chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22
                    Source: chrome.exe, 00000003.00000002.2159002680.00000F5C001B4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
                    Source: chrome.exe, 00000003.00000002.2162951403.00000F5C009CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/category/extensions
                    Source: chrome.exe, 00000003.00000002.2162951403.00000F5C009CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/category/themes
                    Source: chrome.exe, 00000003.00000002.2159105166.00000F5C001E8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
                    Source: chrome.exe, 00000003.00000002.2163774101.00000F5C00B78000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.goog
                    Source: chrome.exe, 00000003.00000003.1088403923.00004038000DC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
                    Source: chrome.exe, 00000003.00000002.2159002680.00000F5C001B4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1262218927.00000F5C01110000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2159265106.00000F5C00204000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2162518466.00000F5C00944000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2165833945.00000F5C01114000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1428611908.00000F5C01110000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1122108419.00000F5C01110000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
                    Source: chrome.exe, 00000003.00000002.2161943709.00000F5C0081C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
                    Source: chrome.exe, 00000003.00000002.2161943709.00000F5C0081C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
                    Source: chrome.exe, 00000003.00000002.2161943709.00000F5C0081C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
                    Source: chrome.exe, 00000003.00000002.2159265106.00000F5C00204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
                    Source: chrome.exe, 00000003.00000002.2159265106.00000F5C00204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/event
                    Source: chromecache_80.4.drString found in binary or memory: https://clients6.google.com
                    Source: chrome.exe, 00000003.00000002.2162152657.00000F5C00890000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=134
                    Source: chrome.exe, 00000003.00000003.1780767596.00000F5C004C4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/uma/v2
                    Source: chromecache_80.4.drString found in binary or memory: https://content.googleapis.com
                    Source: chrome.exe, 00000003.00000002.2168647620.00000F5C01404000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2158795540.00000F5C00160000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1
                    Source: chrome.exe, 00000003.00000002.2168647620.00000F5C01404000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2158795540.00000F5C00160000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1Content-Type:
                    Source: chrome.exe, 00000003.00000002.2168647620.00000F5C01404000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/download-dt/1d
                    Source: chrome.exe, 00000003.00000002.2160110327.00000F5C00414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
                    Source: chrome.exe, 00000003.00000002.2151823494.0000019A1323D000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/scaffolding/asuacrsguc:50:0
                    Source: chrome.exe, 00000003.00000002.2151823494.0000019A1323D000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/asuacrsguc:50:0
                    Source: chrome.exe, 00000003.00000002.2168647620.00000F5C01404000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2168957847.00000F5C0150C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2151823494.0000019A1323D000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/asuacrsguc:50:0Cross-Origin-Opener-Policy-Report-Only:
                    Source: chrome.exe, 00000003.00000002.2162461408.00000F5C00934000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTgyNjA
                    Source: chrome.exe, 00000003.00000002.2158008864.00000F5C00074000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_p
                    Source: chrome.exe, 00000003.00000002.2164917567.00000F5C00EE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
                    Source: chrome.exe, 00000003.00000003.1780284415.00000F5C012D8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/ac6ci5mwrvihfwmuttvglzv6q75a_2024.11.26.0/
                    Source: chrome.exe, 00000003.00000002.2161810694.00000F5C007D8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/ac6ci5mwrvihfwmuttvglzv6q75a_2024.11.26.0/mcfjlbnico
                    Source: chrome.exe, 00000003.00000002.2161712304.00000F5C007B8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebndkojlmppeemj
                    Source: chrome.exe, 00000003.00000002.2161810694.00000F5C007D8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcnnkih
                    Source: chrome.exe, 00000003.00000002.2162461408.00000F5C00934000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/actmp2nnbu2ymifm2754i72stp5a_9605/hfnkpimlhhgieaddgf
                    Source: chrome.exe, 00000003.00000002.2162461408.00000F5C00934000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/acuigjey24xakmge43ocbxrkkfbq_490/lmelglejhemejginpbo
                    Source: chrome.exe, 00000003.00000002.2161810694.00000F5C007D8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/acwdvlndwbio5flgptu6licnn44q_2025.2.25.0/gonpemdgkjc
                    Source: chrome.exe, 00000003.00000002.2161712304.00000F5C007B8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/ad6bqrogtrdeb2aualzvp3izob2a_3/hajigopbbjhghbfimgkfm
                    Source: chrome.exe, 00000003.00000002.2162461408.00000F5C00934000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/adjgpjmra4jmuwfmqagvooxa7hua_1249/efniojlnjndmcbiiee
                    Source: chrome.exe, 00000003.00000002.2162461408.00000F5C00934000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/adp7lmscefogeldj4te6xerqth3a_9.55.0/gcmjkmgdlgnkkcoc
                    Source: chrome.exe, 00000003.00000002.2158543698.00000F5C00114000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/eeigpn
                    Source: chrome.exe, 00000003.00000002.2163272399.00000F5C00A0C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/adrovrpquemobbwthbstjwffhima_2025.1.17.1/kiabhabjdbk
                    Source: chrome.exe, 00000003.00000002.2162461408.00000F5C00934000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/aqycho6ebjt4lkm75dietvcqni_3064/jflookgnkcckhobaglnd
                    Source: chrome.exe, 00000003.00000002.2163272399.00000F5C00A0C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocncanlea
                    Source: chrome.exe, 00000003.00000002.2161810694.00000F5C007D8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/fpm7b3lyymiazxgd7zkf5fvmra_2024.10.17.0/pmagihnlncbc
                    Source: chrome.exe, 00000003.00000002.2158543698.00000F5C00114000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/gqxqepn5mr6ajfbgvijf7siwgy_2025.3.4.1202/ggkkehgbnfj
                    Source: chrome.exe, 00000003.00000002.2158008864.00000F5C00099000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindggfcj
                    Source: chrome.exe, 00000003.00000002.2157830930.00000F5C00014000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/inc4skbz6ysglh4mhehkajf2mq_20250226.732734858.14/obe
                    Source: chrome.exe, 00000003.00000002.2161712304.00000F5C007B8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaae
                    Source: chrome.exe, 00000003.00000002.2162461408.00000F5C00934000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/l7xtcygg3vebugalfkm3b3dp3u_6.7431.9692/pkomkdjpmjfbk
                    Source: chrome.exe, 00000003.00000002.2158543698.00000F5C00114000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/m5mcazcztvqskzuckun4qbabza_2025.3.9.1/jflhchccmppkfe
                    Source: chrome.exe, 00000003.00000002.2158543698.00000F5C00114000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/pkap37pjanhqytozbeza7qsifm_2025.2.21.0/niikhdgajlphf
                    Source: chrome.exe, 00000003.00000002.2163338931.00000F5C00A34000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
                    Source: chrome.exe, 00000003.00000002.2163338931.00000F5C00A34000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
                    Source: chrome.exe, 00000003.00000002.2163338931.00000F5C00A34000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
                    Source: chrome.exe, 00000003.00000003.1159490729.00000F5C01A6C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview
                    Source: chrome.exe, 00000003.00000003.1159490729.00000F5C01A04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1208897185.00000F5C01890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1097649106.00000F5800622000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview2K
                    Source: chrome.exe, 00000003.00000003.1121166328.00000F5C00768000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2160232191.00000F5C0044C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
                    Source: chrome.exe, 00000003.00000002.2164170486.00000F5C00CB4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2165629127.00000F5C010A8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2163675141.00000F5C00B38000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
                    Source: chrome.exe, 00000003.00000002.2164170486.00000F5C00CB4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2165629127.00000F5C010A8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2163675141.00000F5C00B38000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
                    Source: chrome.exe, 00000003.00000002.2163338931.00000F5C00A34000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
                    Source: chrome.exe, 00000003.00000002.2163338931.00000F5C00A34000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
                    Source: chrome.exe, 00000003.00000002.2163338931.00000F5C00A34000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
                    Source: chrome.exe, 00000003.00000002.2161810694.00000F5C007D8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
                    Source: chrome.exe, 00000003.00000002.2169968060.00000F5C01664000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win6
                    Source: chrome.exe, 00000003.00000002.2164917567.00000F5C00EE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://redirector.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.c
                    Source: Nexora.exeString found in binary or memory: https://reg.avs4you.com/prolongation/prolongation.aspx
                    Source: chrome.exe, 00000003.00000002.2160275082.00000F5C0045C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
                    Source: chrome.exe, 00000003.00000002.2158008864.00000F5C00074000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyA2KlwBX3mkFo30om9LU
                    Source: chrome.exe, 00000003.00000002.2164669390.00000F5C00E18000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2159265106.00000F5C00204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
                    Source: chrome.exe, 00000003.00000003.1159490729.00000F5C01A04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1208897185.00000F5C01890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1097649106.00000F5800622000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comb
                    Source: chrome.exe, 00000003.00000002.2163904523.00000F5C00BCC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2164398852.00000F5C00D6C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2166983310.00000F5C011C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
                    Source: chrome.exe, 00000003.00000002.2160194870.00000F5C0043C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1262151073.00000F5C01F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
                    Source: Nexora.exe, 00000000.00000002.1078653545.0000000004B7D000.00000004.00000800.00020000.00000000.sdmp, Nexora.exe, 00000000.00000002.1097026607.0000000006820000.00000004.08000000.00040000.00000000.sdmp, Nexora.exe, 00000000.00000002.1078653545.0000000004A81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                    Source: Nexora.exe, 00000000.00000002.1055257391.0000000003A81000.00000004.00000800.00020000.00000000.sdmp, Nexora.exe, 00000000.00000002.1078653545.0000000004B7D000.00000004.00000800.00020000.00000000.sdmp, Nexora.exe, 00000000.00000002.1097026607.0000000006820000.00000004.08000000.00040000.00000000.sdmp, Nexora.exe, 00000000.00000002.1078653545.0000000004A81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                    Source: Nexora.exe, 00000000.00000002.1078653545.0000000004B7D000.00000004.00000800.00020000.00000000.sdmp, Nexora.exe, 00000000.00000002.1097026607.0000000006820000.00000004.08000000.00040000.00000000.sdmp, Nexora.exe, 00000000.00000002.1078653545.0000000004A81000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                    Source: Nexora.exeString found in binary or memory: https://store.avs4you.com/order/checkout.php?PRODS=604132&QTY=1&CURRENCY=USD&DCURRENCY=USD&LANGUAGES
                    Source: Nexora.exeString found in binary or memory: https://support.avs4you.com/Feedback.aspx?utm_source=Uninstall&utm_content=Feedback
                    Source: Nexora.exeString found in binary or memory: https://support.avs4you.com/Feedback.aspx?utm_source=Uninstall&utm_content=FeedbackPublisher&utm_cam
                    Source: chrome.exe, 00000003.00000002.2149906225.0000019A11DD0000.00000002.00000001.00040000.00000013.sdmpString found in binary or memory: https://support.google.com/chrome/a/?p=browser_profile_details
                    Source: chrome.exe, 00000003.00000002.2149906225.0000019A11DD0000.00000002.00000001.00040000.00000013.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6098869
                    Source: chrome.exe, 00000003.00000002.2149906225.0000019A11DD0000.00000002.00000001.00040000.00000013.sdmpString found in binary or memory: https://support.google.com/chrome/answer/96817
                    Source: chrome.exe, 00000003.00000002.2161042621.00000F5C005EC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome?p=desktop_tab_groups
                    Source: chrome.exe, 00000003.00000002.2149906225.0000019A11DD0000.00000002.00000001.00040000.00000013.sdmpString found in binary or memory: https://support.google.com/chromebook?p=app_intent
                    Source: chrome.exe, 00000003.00000002.2164669390.00000F5C00E18000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://t0.gstatic.com/faviconV2
                    Source: chrome.exe, 00000003.00000002.2159105166.00000F5C001E8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/
                    Source: Nexora.exeString found in binary or memory: https://translate.googleapis.com/translate_a/single?client=gtx&sl=($BASE_LANG_EXT)&tl=($TARGET_LANG_
                    Source: Nexora.exeString found in binary or memory: https://translation.googleapis.com/language/translate/v2/languages?target=en&key=%s
                    Source: chrome.exe, 00000003.00000003.1739827484.00000F5C012D3000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1739827484.00000F5C012D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://update.googleapis.com/service/update2/json?cup2key=14:CXQOozBAOTFnMUh-utn0lonY0egedMjF2NFNTq
                    Source: chromecache_80.4.drString found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Antispam.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Archiver.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Audio-Converter.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Audio-Editor.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Audio-Grabber.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Audio-Mix.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Audio-Recorder.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Cover-Editor.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-DVD-Authoring.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-DVD-Copy.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-DVD-Player.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Disc-Creator.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Document-Converter.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Firewall.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Image-Converter.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Media-Player.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Mobile-Uploader.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Photo-Editor.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Registry-Cleaner.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Ringtone-Maker.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Slideshow-Maker.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-System-Cleaner.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-System-Info.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-TV-Box.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Video-Converter.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Video-Editor.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Video-Recorder.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Video-Remaker.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Video-Uploader.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Video-to-Flash.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-Video-to-GO.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-YouTube-Uploader.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/AVS-iDevice-Explorer.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/Encrypted-DVD.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSAntispam.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSArchiver.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSAudioConverter.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSAudioEditor.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSAudioGrabber.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSAudioMix.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSAudioRecorder.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSCoverEditor.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSDVDAuthoring.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSDVDCopy.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSDVDPlayer.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSDiscCreator.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSDocumentConverter.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSFirewall.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSImageConverter.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSMediaPlayer.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSMobileUploader.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSPhotoEditor.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSRegistryCleaner.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSRingtoneMaker.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSSlideshowMaker.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSSystemCleaner.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSSystemInfo.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSTVBox.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSVideoConverter.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSVideoEditor.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSVideoRecorder.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSVideoRemaker.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSVideoUploader.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSVideotoFlash.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSVideotoGo.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSYouTubeUploader.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/AVSiDeviceExplorer.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/downloads/VideoMenu-PresetPack.exe
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/index.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/register.aspx
                    Source: Nexora.exeString found in binary or memory: https://www.avs4you.com/support.aspx
                    Source: chrome.exe, 00000003.00000002.2164564529.00000F5C00DE4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/v20
                    Source: chrome.exe, 00000003.00000003.1144133822.00000F5C014C0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2164785857.00000F5C00E64000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
                    Source: chrome.exe, 00000003.00000002.2166983310.00000F5C011C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
                    Source: chrome.exe, 00000003.00000002.2170627865.00000F5C016E4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/newtab_promos
                    Source: chrome.exe, 00000003.00000002.2162569333.00000F5C0095C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/#safe
                    Source: chrome.exe, 00000003.00000002.2162951403.00000F5C009CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/browser-features/
                    Source: chrome.exe, 00000003.00000002.2162951403.00000F5C009CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/browser-tools/
                    Source: chrome.exe, 00000003.00000003.1159490729.00000F5C01A04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1159272638.00000F5C0196C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1208897185.00000F5C01890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1159183859.00000F5C01950000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1097649106.00000F5800622000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
                    Source: chrome.exe, 00000003.00000002.2149906225.0000019A11DD0000.00000002.00000001.00040000.00000013.sdmpString found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlH&elpManaged
                    Source: chrome.exe, 00000003.00000002.2165079739.00000F5C00F80000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2163904523.00000F5C00BCC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2164202696.00000F5C00CC8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/
                    Source: chrome.exe, 00000003.00000002.2162461408.00000F5C00934000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTg
                    Source: chrome.exe, 00000003.00000002.2169968060.00000F5C01664000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_thi
                    Source: chrome.exe, 00000003.00000002.2164917567.00000F5C00EE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
                    Source: chrome.exe, 00000003.00000003.1780284415.00000F5C012D8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/ac6ci5mwrvihfwmuttvglzv6q75a_2024.11.26.0/
                    Source: chrome.exe, 00000003.00000002.2161810694.00000F5C007D8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/ac6ci5mwrvihfwmuttvglzv6q75a_2024.11.26.0/mcfjlb
                    Source: chrome.exe, 00000003.00000002.2162461408.00000F5C00934000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebndkojlmpp
                    Source: chrome.exe, 00000003.00000002.2158543698.00000F5C00114000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/acaldksiunzh56452py2db5mnbpa_120.0.6050.0/jamhcn
                    Source: chrome.exe, 00000003.00000002.2162461408.00000F5C00934000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/actmp2nnbu2ymifm2754i72stp5a_9605/hfnkpimlhhgiea
                    Source: chrome.exe, 00000003.00000002.2162461408.00000F5C00934000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/acuigjey24xakmge43ocbxrkkfbq_490/lmelglejhemejgi
                    Source: chrome.exe, 00000003.00000002.2161810694.00000F5C007D8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/acwdvlndwbio5flgptu6licnn44q_2025.2.25.0/gonpemd
                    Source: chrome.exe, 00000003.00000002.2162461408.00000F5C00934000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/ad6bqrogtrdeb2aualzvp3izob2a_3/hajigopbbjhghbfim
                    Source: chrome.exe, 00000003.00000002.2162461408.00000F5C00934000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/adjgpjmra4jmuwfmqagvooxa7hua_1249/efniojlnjndmcb
                    Source: chrome.exe, 00000003.00000002.2162461408.00000F5C00934000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/adp7lmscefogeldj4te6xerqth3a_9.55.0/gcmjkmgdlgnk
                    Source: chrome.exe, 00000003.00000002.2162801812.00000F5C009A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/ee
                    Source: chrome.exe, 00000003.00000002.2163272399.00000F5C00A0C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/adrovrpquemobbwthbstjwffhima_2025.1.17.1/kiabhab
                    Source: chrome.exe, 00000003.00000002.2162461408.00000F5C00934000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/aqycho6ebjt4lkm75dietvcqni_3064/jflookgnkcckhoba
                    Source: chrome.exe, 00000003.00000002.2163272399.00000F5C00A0C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocnca
                    Source: chrome.exe, 00000003.00000002.2161810694.00000F5C007D8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/fpm7b3lyymiazxgd7zkf5fvmra_2024.10.17.0/pmagihnl
                    Source: chrome.exe, 00000003.00000002.2158543698.00000F5C00114000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/gqxqepn5mr6ajfbgvijf7siwgy_2025.3.4.1202/ggkkehg
                    Source: chrome.exe, 00000003.00000002.2163272399.00000F5C00A0C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/imoffpf67hel7kbknqflao2oo4_1.0.2738.0/neifaoindg
                    Source: chrome.exe, 00000003.00000002.2168270125.00000F5C01360000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/inc4skbz6ysglh4mhehkajf2mq_20250226.732734858.14
                    Source: chrome.exe, 00000003.00000002.2161712304.00000F5C007B8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkh
                    Source: chrome.exe, 00000003.00000002.2163272399.00000F5C00A0C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/l7xtcygg3vebugalfkm3b3dp3u_6.7431.9692/pkomkdjpm
                    Source: chrome.exe, 00000003.00000002.2158543698.00000F5C00114000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/m5mcazcztvqskzuckun4qbabza_2025.3.9.1/jflhchccmp
                    Source: chrome.exe, 00000003.00000002.2161810694.00000F5C007D8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/pkap37pjanhqytozbeza7qsifm_2025.2.21.0/niikhdgaj
                    Source: chrome.exe, 00000003.00000002.2161943709.00000F5C0081C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2161199907.00000F5C00664000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2161042621.00000F5C005EC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2164564529.00000F5C00DE4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
                    Source: chrome.exe, 00000003.00000002.2160194870.00000F5C0043C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1262151073.00000F5C01F60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
                    Source: chrome.exe, 00000003.00000003.1262151073.00000F5C01F60000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1261717864.00000F5C01F34000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1262026307.00000F5C01EF8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1261749948.00000F5C01F3C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1261785279.00000F5C01F44000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
                    Source: chrome.exe, 00000003.00000003.1159490729.00000F5C01A04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1159272638.00000F5C0196C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1208897185.00000F5C01890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1159183859.00000F5C01950000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1097649106.00000F5800622000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
                    Source: chrome.exe, 00000003.00000002.2160232191.00000F5C0044C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
                    Source: chrome.exe, 00000003.00000002.2159265106.00000F5C00204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
                    Source: chromecache_80.4.drString found in binary or memory: https://www.googleapis.com/auth/plus.me
                    Source: chromecache_80.4.drString found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
                    Source: chrome.exe, 00000003.00000003.1159490729.00000F5C01A04000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1208897185.00000F5C01890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1097649106.00000F5800622000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
                    Source: Nexora.exeString found in binary or memory: https://www.googleapis.com/language/translate/v2?q=%s&source=%s&target=%s&key=%s
                    Source: chrome.exe, 00000003.00000002.2159105166.00000F5C001E8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
                    Source: chrome.exe, 00000003.00000002.2159105166.00000F5C001E8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
                    Source: chrome.exe, 00000003.00000002.2159105166.00000F5C001E8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/token
                    Source: chrome.exe, 00000003.00000002.2159105166.00000F5C001E8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
                    Source: chrome.exe, 00000003.00000002.2161943709.00000F5C0081C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
                    Source: chromecache_82.4.drString found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
                    Source: chromecache_82.4.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
                    Source: chromecache_82.4.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
                    Source: chrome.exe, 00000003.00000002.2173829756.00000F5C01E70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
                    Source: chrome.exe, 00000003.00000003.1262062649.00000F5C01880000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1208871865.00000F5C01C80000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1261615589.00000F5C0148C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1262151073.00000F5C01F60000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2173829756.00000F5C01E70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
                    Source: chrome.exe, 00000003.00000002.2165126782.00000F5C00FC0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2173916488.00000F5C01EE1000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1262151073.00000F5C01F60000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1261717864.00000F5C01F34000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1262026307.00000F5C01EF8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1261749948.00000F5C01F3C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1261785279.00000F5C01F44000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.WcyoQrvsWY0.2019.O/rt=j/m=q_dnp
                    Source: chrome.exe, 00000003.00000003.1261490295.00000F5C01ED4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2173916488.00000F5C01EE1000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1262151073.00000F5C01F60000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1261717864.00000F5C01F34000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1262026307.00000F5C01EF8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1261749948.00000F5C01F3C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1261785279.00000F5C01F44000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.L8bgMGq1rcI.L.W.O/m=qmd
                    Source: chrome.exe, 00000003.00000002.2163338931.00000F5C00A34000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
                    Source: chrome.exe, 00000003.00000002.2163338931.00000F5C00A34000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
                    Source: chrome.exe, 00000003.00000002.2163338931.00000F5C00A34000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
                    Source: chrome.exe, 00000003.00000002.2163338931.00000F5C00A34000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2160232191.00000F5C0044C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
                    Source: unknownHTTPS traffic detected: 172.67.152.244:443 -> 192.168.2.7:49684 version: TLS 1.2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0043EDB0 OpenClipboard,GetClipboardData,GlobalLock,GetWindowRect,GlobalUnlock,CloseClipboard,2_2_0043EDB0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0043F1A7 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject,2_2_0043F1A7
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_004220A0 CreateDesktopW,2_2_004220A0

                    System Summary

                    Source: 0.2.Nexora.exe.32825ec.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
                    Source: 0.2.Nexora.exe.32825ec.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
                    Source: 00000000.00000002.1053275828.0000000003280000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
                    Source: C:\Users\user\Desktop\Nexora.exeCode function: 0_2_0709B3A0 NtProtectVirtualMemory,0_2_0709B3A0
                    Source: C:\Users\user\Desktop\Nexora.exeCode function: 0_2_0709F0B0 NtResumeThread,0_2_0709F0B0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: String function: 0040B220 appears 47 times
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: String function: 0041AD70 appears 96 times
                    Source: Nexora.exeStatic PE information: invalid certificate
                    Source: Nexora.exeBinary or memory string: OriginalFilename vs Nexora.exe
                    Source: Nexora.exe, 00000000.00000000.871121541.000000000149F000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFileName vs Nexora.exe
                    Source: Nexora.exe, 00000000.00000000.871121541.000000000149F000.00000008.00000001.01000000.00000003.sdmpBinary or memory string: C*.**.**.**.*\\*.*.FileVersionProductVersion0.0.0.0\VarFileInfo\Translation040904b0%04x%04xLanguageLegalCopyrightProductNameFileVersionFileDescriptionCompanyNameInternalNameLegalTrademarksOriginalFileNameProductVersionComments\StringFileInfo\\FileVersionProductVersionFileVersion%d.%d.%d.%d...\/:*?"<>|_0 bytes kb. Mb. GbAVSSeShutdownPrivilege%i vs Nexora.exe
                    Source: Nexora.exe, 00000000.00000002.1078653545.0000000004C6C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Nexora.exe
                    Source: Nexora.exe, 00000000.00000002.1078653545.0000000004C6C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIoqflzfecd.dll" vs Nexora.exe
                    Source: Nexora.exe, 00000000.00000002.1055257391.0000000003A81000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Nexora.exe
                    Source: Nexora.exe, 00000000.00000002.1089330543.0000000006370000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameIoqflzfecd.dll" vs Nexora.exe
                    Source: Nexora.exe, 00000000.00000002.1078653545.0000000004B7D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Nexora.exe
                    Source: Nexora.exe, 00000000.00000002.1097026607.0000000006820000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Nexora.exe
                    Source: Nexora.exe, 00000000.00000000.871211290.00000000014EB000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameAVSUninstall.exe< vs Nexora.exe
                    Source: Nexora.exe, 00000000.00000002.1101711552.0000000007020000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Nexora.exe
                    Source: Nexora.exe, 00000000.00000002.1078653545.0000000004A81000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Nexora.exe
                    Source: Nexora.exeBinary or memory string: OriginalFileName vs Nexora.exe
                    Source: Nexora.exeBinary or memory string: C*.**.**.**.*\\*.*.FileVersionProductVersion0.0.0.0\VarFileInfo\Translation040904b0%04x%04xLanguageLegalCopyrightProductNameFileVersionFileDescriptionCompanyNameInternalNameLegalTrademarksOriginalFileNameProductVersionComments\StringFileInfo\\FileVersionProductVersionFileVersion%d.%d.%d.%d...\/:*?"<>|_0 bytes kb. Mb. GbAVSSeShutdownPrivilege%i vs Nexora.exe
                    Source: Nexora.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                    Source: 0.2.Nexora.exe.32825ec.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
                    Source: 0.2.Nexora.exe.32825ec.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
                    Source: 00000000.00000002.1053275828.0000000003280000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
                    Source: 0.2.Nexora.exe.4d77f88.5.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 0.2.Nexora.exe.4d77f88.5.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 0.2.Nexora.exe.4d77f88.5.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                    Source: 0.2.Nexora.exe.4d77f88.5.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                    Source: 0.2.Nexora.exe.7020000.13.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 0.2.Nexora.exe.7020000.13.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 0.2.Nexora.exe.7020000.13.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.Nexora.exe.4d77f88.5.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.Nexora.exe.4d77f88.5.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.Nexora.exe.7020000.13.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 0.2.Nexora.exe.7020000.13.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Nexora.exe.7020000.13.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.Nexora.exe.7020000.13.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 0.2.Nexora.exe.4d77f88.5.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.Nexora.exe.4d77f88.5.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 0.2.Nexora.exe.4d77f88.5.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Nexora.exe.7020000.13.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.Nexora.exe.4d77f88.5.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@40/14@16/5
                    Source: C:\Users\user\Desktop\Nexora.exeCode function: 0_2_03280C7F CreateToolhelp32Snapshot,Thread32First,Wow64SuspendThread,CloseHandle,0_2_03280C7F
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_00443B00 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,2_2_00443B00
                    Source: C:\Users\user\Desktop\Nexora.exeMutant created: NULL
                    Source: Nexora.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: C:\Users\user\Desktop\Nexora.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: chrome.exe, 00000003.00000002.2164669390.00000F5C00E18000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(metric_value) FROM metrics WHERE metrics.metric_hash = 'CE71BF280B4EB4B5' AND metrics.metric_value > 45;
                    Source: chrome.exe, 00000003.00000003.1261371638.00000F5C003D4000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(DISTINCT CAST((event_timestamp / 1000000 / 60 / 10) AS int)) FROM metrics WHERE metrics.metric_hash = 'B4CFE8741404B69gs.google.com https://*.corp.google.com;object-src 'none';script-src 'self' 'unsafe-inline' https:;frame-ancestors chrome://new-tab-page/
                    Source: chrome.exe, 00000003.00000002.2168203919.00000F5C01340000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '756F6A466879157E';
                    Source: chrome.exe, 00000003.00000003.1261371638.00000F5C003D4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2167946455.00000F5C01300000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2164747044.00000F5C00E58000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2167609184.00000F5C012AF000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(DISTINCT CAST((event_timestamp / 1000000 / 60 / 10) AS int)) FROM metrics WHERE metrics.metric_hash = 'AD411B741D0DA012' AND metrics.metric_value > 0;
                    Source: chrome.exe, 00000003.00000002.2162843986.00000F5C009C4000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
                    Source: chrome.exe, 00000003.00000002.2174212853.00000F5C02130000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(metric_value) FROM metrics WHERE metrics.metric_hash = 'CE71BF280B4EB4B5' AND metrics.metric_value > 120;
                    Source: chrome.exe, 00000003.00000002.2164669390.00000F5C00E18000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2164747044.00000F5C00E58000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2167609184.00000F5C012AF000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(DISTINCT CAST((event_timestamp / 1000000 / 60 / 10) AS int)) FROM metrics WHERE metrics.metric_hash = 'B4CFE8741404B691' AND metrics.metric_value > 0;
                    Source: chrome.exe, 00000003.00000002.2172546108.00000F5C01930000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '19E16122849E343B';
                    Source: chrome.exe, 00000003.00000002.2173686472.00000F5C01E14000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(id) FROM metrics WHERE metrics.metric_hash = '64BD7CCE5A95BF00';
                    Source: chrome.exe, 00000003.00000002.2169078437.00000F5C015E4000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '79964621D357AB88';
                    Source: chrome.exe, 00000003.00000002.2161943709.00000F5C0081C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '534661B278B11BD';
                    Source: Nexora.exeVirustotal: Detection: 20%
                    Source: Nexora.exeReversingLabs: Detection: 21%
                    Source: Nexora.exeString found in binary or memory: ;application/vnd.adobe.air-application-installer-package+zip
                    Source: Nexora.exeString found in binary or memory: application/vnd.groove-help
                    Source: Nexora.exeString found in binary or memory: "application/x-install-instructions
                    Source: Nexora.exeString found in binary or memory: -ADDCUSTOMCOLORBUTTON_CAP=Add to Custom Colors
                    Source: unknownProcess created: C:\Users\user\Desktop\Nexora.exe "C:\Users\user\Desktop\Nexora.exe"
                    Source: C:\Users\user\Desktop\Nexora.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2260,i,1949960776380522775,10280748617452592649,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2360 /prefetch:3
                    Source: C:\Users\user\Desktop\Nexora.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223Jump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2260,i,1949960776380522775,10280748617452592649,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2360 /prefetch:3Jump to behavior
                    Source: C:\Users\user\Desktop\Nexora.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Nexora.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Nexora.exeSection loaded: shfolder.dllJump to behavior
                    Source: C:\Users\user\Desktop\Nexora.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Nexora.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\Desktop\Nexora.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\Nexora.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Nexora.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Nexora.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Nexora.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Nexora.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Nexora.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\Nexora.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Nexora.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Nexora.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\Nexora.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Nexora.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: webio.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\Nexora.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: C:\Users\user\Desktop\Nexora.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: Nexora.exeStatic PE information: More than 620 > 100 exports found
                    Source: Nexora.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                    Source: Nexora.exeStatic file information: File size 9373696 > 1048576
                    Source: Nexora.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x5fde00
                    Source: Nexora.exeStatic PE information: Raw size of .reloc is bigger than: 0x100000 < 0x1afc00
                    Source: Nexora.exeStatic PE information: More than 200 imports for USER32.DLL
                    Source: Nexora.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Nexora.exe, 00000000.00000002.1078653545.0000000004C6C000.00000004.00000800.00020000.00000000.sdmp, Nexora.exe, 00000000.00000002.1101711552.0000000007020000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Nexora.exe, 00000000.00000002.1078653545.0000000004C6C000.00000004.00000800.00020000.00000000.sdmp, Nexora.exe, 00000000.00000002.1101711552.0000000007020000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: Nexora.exe, 00000000.00000002.1078653545.0000000004B7D000.00000004.00000800.00020000.00000000.sdmp, Nexora.exe, 00000000.00000002.1097026607.0000000006820000.00000004.08000000.00040000.00000000.sdmp, Nexora.exe, 00000000.00000002.1078653545.0000000004A81000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: Nexora.exe, 00000000.00000002.1078653545.0000000004B7D000.00000004.00000800.00020000.00000000.sdmp, Nexora.exe, 00000000.00000002.1097026607.0000000006820000.00000004.08000000.00040000.00000000.sdmp, Nexora.exe, 00000000.00000002.1078653545.0000000004A81000.00000004.00000800.00020000.00000000.sdmp

                    Data Obfuscation

                    Source: 0.2.Nexora.exe.6820000.12.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                    Source: 0.2.Nexora.exe.6820000.12.raw.unpack, ListDecorator.cs.Net Code: Read
                    Source: 0.2.Nexora.exe.6820000.12.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                    Source: 0.2.Nexora.exe.6820000.12.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                    Source: 0.2.Nexora.exe.6820000.12.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                    Source: 0.2.Nexora.exe.4d77f88.5.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.Nexora.exe.4d77f88.5.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                    Source: 0.2.Nexora.exe.7020000.13.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 0.2.Nexora.exe.7020000.13.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                    Source: Yara matchFile source: 0.2.Nexora.exe.4dff9f7.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Nexora.exe.4a85570.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Nexora.exe.4dff9f7.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Nexora.exe.6790000.11.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Nexora.exe.6790000.11.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Nexora.exe.4a85570.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.1055257391.0000000003A81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1078653545.0000000004DFD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1095530079.0000000006790000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1078653545.0000000004A81000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Nexora.exe PID: 7164, type: MEMORYSTR
                    Source: Nexora.exeStatic PE information: real checksum: 0x7ba227 should be: 0x8f2d2c
                    Source: Nexora.exeStatic PE information: section name: .didata
                    Source: C:\Users\user\Desktop\Nexora.exeCode function: 0_2_0709D633 push ecx; iretd 0_2_0709D669
                    Source: C:\Users\user\Desktop\Nexora.exeCode function: 0_2_0709D66B push ecx; iretd 0_2_0709D669
                    Source: C:\Users\user\Desktop\Nexora.exeCode function: 0_2_0709D66B push edi; iretd 0_2_0709D671
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_0045494F push edi; ret 2_2_00454955
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_00455924 push ebx; iretd 2_2_00455939
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_004549B4 push edx; ret 2_2_004549DD
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_004549B1 push ebx; ret 2_2_004549B2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_00454A45 push ebx; ret 2_2_00454A4E
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_00454A2C push ebx; ret 2_2_00454A2E
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_00454A30 push edx; ret 2_2_004549DD
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_004542E9 push esp; ret 2_2_004542EA
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_004542AD push ebx; ret 2_2_004542AE
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_004542BC push edx; ret 2_2_004542BD
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_004542BF push ebx; ret 2_2_004542C2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_00451CAC push cs; retf 2_2_00451CD7
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_00455586 push esp; ret 2_2_00455591
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeCode function: 2_2_00453E68 push sp; ret 2_2_0045426A
                    Source: 0.2.Nexora.exe.6370000.9.raw.unpack, Gagkbcur985o91CKUO0.csHigh entropy of concatenated method names: 't0tujijsn3', 'aVkusr8yJi', 'w9ou8IiqL0', 'IMiuSerYw0', 'AaxuvXpIRF', 'eFAuFO72n2', 'toRufZAayG', 'Mkdu00YOsm', 'vkduytJ2xV', 'krduE3Kojw'
                    Source: 0.2.Nexora.exe.6370000.9.raw.unpack, wZIcPkYYcyZxcAQLLGP.csHigh entropy of concatenated method names: 'bVxY2gJRq4', 'Nf5YcdRaH6', 'PouYrIQ2cV', 'SkFYU3btpp', 'LvEYjFTCTs', 'nplYidedZa', 'KhCIoQmVAW1o3UVNCgn', 'B8CAk9mw3fJ7Wj48vfD'
                    Source: C:\Users\user\Desktop\Nexora.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    Source: Nexora.exe, 00000000.00000002.1055257391.0000000003A81000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\Nexora.exeMemory allocated: 3850000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Nexora.exeMemory allocated: 3A80000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Nexora.exeMemory allocated: 5A80000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe TID: 6840Thread sleep time: -60000s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                    Source: chrome.exe, 00000003.00000003.1414765453.0000019A12F76000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2151399139.0000019A12F77000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DHyper-V Hypervisor Root Partitionczf.eA
                    Source: chrome.exe, 00000003.00000003.1414765453.0000019A12F76000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2151399139.0000019A12F77000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V eumoleqvohnijvq BusL
                    Source: chrome.exe, 00000003.00000002.2168881318.00000F5C014D0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware
                    Source: chrome.exe, 00000003.00000002.2152146780.0000019A16634000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: X2Hyper-V VM Vid Partition#E
                    Source: chrome.exe, 00000003.00000002.2152146780.0000019A16634000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1414765453.0000019A1301A000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2151399139.0000019A1301A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Dynamic Memory Integration Service
                    Source: chrome.exe, 00000003.00000003.1414765453.0000019A1301A000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2151399139.0000019A1301A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Virtual Processor
                    Source: chrome.exe, 00000003.00000002.2171421656.00000F5C017DC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware Virtual USB Mouse
                    Source: AppLaunch.exe, 00000002.00000002.2141048148.00000000050BC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWx5
                    Source: chrome.exe, 00000003.00000002.2152146780.0000019A16620000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual Processor
                    Source: chrome.exe, 00000003.00000002.2152146780.0000019A16634000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Partitionl
                    Source: chrome.exe, 00000003.00000002.2152146780.0000019A16634000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual Processor
                    Source: chrome.exe, 00000003.00000002.2171967020.00000F5C0181C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=a26fe57a-5514-49dc-9cda-f10fc92f8886
                    Source: chrome.exe, 00000003.00000003.1148949225.0000019A16711000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1149382718.0000019A16715000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000003.00000003.1149313513.0000019A16711000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Ro
                    Source: AppLaunch.exe, 00000002.00000002.2142277950.00000000050F9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                    Source: chrome.exe, 00000003.00000003.1414765453.0000019A12F76000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2151399139.0000019A12F77000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DHyper-V Virtual Machine Bus Pipes
                    Source: chrome.exe, 00000003.00000003.1106994101.00000F5C003B4000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware20,1(
                    Source: Nexora.exe, 00000000.00000002.1055257391.0000000003A81000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Microsoft|VMWare|Virtual
                    Source: chrome.exe, 00000003.00000002.2147237124.0000019A0F35E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: &Hyper-V Hypervisor
                    Source: chrome.exe, 00000003.00000003.1414765453.0000019A12F76000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2151399139.0000019A12F77000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: JHyper-V Hypervisor Logical ProcessorMf
                    Source: chrome.exe, 00000003.00000002.2152146780.0000019A16634000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisorp
                    Source: chrome.exe, 00000003.00000002.2152146780.0000019A16634000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V VM Vid Partition
                    Source: chrome.exe, 00000003.00000003.1414765453.0000019A12F76000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2151399139.0000019A12F77000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: AlDHyper-V Virtual Machine Bus Pipesuile<d_
                    Source: chrome.exe, 00000003.00000002.2152146780.0000019A16634000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Root Partition
                    Source: chrome.exe, 00000003.00000003.1414765453.0000019A1301A000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2151399139.0000019A1301A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Dynamic Memory Integration Serviceq
                    Source: chrome.exe, 00000003.00000002.2147237124.0000019A0F35E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: chrome.exe, 00000003.00000002.2152146780.0000019A16634000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Virtual Machine Bus PipesPa
                    Source: chrome.exe, 00000003.00000002.2152146780.0000019A16634000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VHyper-V Dynamic Memory Integration Service
                    Source: chrome.exe, 00000003.00000003.1414765453.0000019A1301A000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2151399139.0000019A1301A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Logical Processormui
                    Source: chrome.exe, 00000003.00000002.2152146780.0000019A16634000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Virtual Machine Bus Pipes
                    Source: chrome.exe, 00000003.00000003.1414765453.0000019A12F76000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2151399139.0000019A12F77000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: sWDHyper-V Hypervisor Root Partitionui
                    Source: chrome.exe, 00000003.00000003.1414765453.0000019A12F76000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2151399139.0000019A12F77000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: JHyper-V Hypervisor Logical Processor
                    Source: chrome.exe, 00000003.00000002.2152146780.0000019A16634000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: NXTVMWare
                    Source: chrome.exe, 00000003.00000002.2152146780.0000019A16634000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Logical Processorll
                    Source: Nexora.exe, 00000000.00000002.1055257391.0000000003A81000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware|VIRTUAL|A M I|Xen
                    Source: chrome.exe, 00000003.00000002.2152146780.0000019A16634000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VHyper-V Dynamic Memory Integration ServiceS@
                    Source: chrome.exe, 00000003.00000003.1942606371.00000F5C012D0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware20,1
                    Source: chrome.exe, 00000003.00000002.2152146780.0000019A16634000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Root Virtual Processor&F
                    Source: chrome.exe, 00000003.00000003.1414765453.0000019A1301A000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000003.00000002.2151399139.0000019A1301A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: &Hyper-V Hypervisorui
                    Source: chrome.exe, 00000003.00000002.2152146780.0000019A16634000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V eumoleqvohnijvq Bus PipesdIt
                    Source: chrome.exe, 00000003.00000002.2152146780.0000019A16634000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V VM Vid PartitionN
                    Source: chrome.exe, 00000003.00000002.2152146780.0000019A16634000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor
                    Source: chrome.exe, 00000003.00000002.2147237124.0000019A0F3C9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 2Hyper-V VM Vid Partitionll
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe API call chain: ExitProcess graph end node graph_2-21950
                    Source: C:\Users\user\Desktop\Nexora.exe Process information queried: ProcessInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Code function: 2_2_004494F0 LdrInitializeThunk, 2_2_004494F0
                    Source: C:\Users\user\Desktop\Nexora.exe Code function: 0_2_03280B2F mov eax, dword ptr fs:[00000030h] 0_2_03280B2F
                    Source: C:\Users\user\Desktop\Nexora.exe Code function: 0_2_0328056F mov edx, dword ptr fs:[00000030h] 0_2_0328056F
                    Source: C:\Users\user\Desktop\Nexora.exe Code function: 0_2_0328117E mov eax, dword ptr fs:[00000030h] 0_2_0328117E
                    Source: C:\Users\user\Desktop\Nexora.exe Code function: 0_2_0328117F mov eax, dword ptr fs:[00000030h] 0_2_0328117F
                    Source: C:\Users\user\Desktop\Nexora.exe Code function: 0_2_03280EDF mov eax, dword ptr fs:[00000030h] 0_2_03280EDF
                    Source: C:\Users\user\Desktop\Nexora.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\Nexora.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\Nexora.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\Nexora.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\Nexora.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 400000
                    Source: C:\Users\user\Desktop\Nexora.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 401000
                    Source: C:\Users\user\Desktop\Nexora.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 44E000
                    Source: C:\Users\user\Desktop\Nexora.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 451000
                    Source: C:\Users\user\Desktop\Nexora.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: 45F000
                    Source: C:\Users\user\Desktop\Nexora.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe base: C1E008
                    Source: C:\Users\user\Desktop\Nexora.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223
                    Source: C:\Users\user\Desktop\Nexora.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\Nexora.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\Desktop\Nexora.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: AppLaunch.exe, 00000002.00000002.2142058435.00000000050E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Electrum
                    Source: AppLaunch.exe, 00000002.00000002.2142058435.00000000050E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/ElectronCash
                    Source: AppLaunch.exe, 00000002.00000002.2142277950.0000000005157000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Jaxx LibertySER-R
                    Source: AppLaunch.exe, 00000002.00000002.2142058435.00000000050E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
                    Source: AppLaunch.exe, 00000002.00000002.2142277950.00000000050F9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Exodus\exodus.wallet
                    Source: AppLaunch.exe, 00000002.00000002.2142277950.00000000050F9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Chrome/Default/Extensions/ExodusWeb3
                    Source: AppLaunch.exe, 00000002.00000002.2142058435.00000000050E9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Ethereum
                    Source: AppLaunch.exe, 00000002.00000002.2142277950.00000000050F9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                    Source: Nexora.exe, 00000000.00000002.1089330543.0000000006370000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: set_UseMachineKeyStore
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Roaming\Binance
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                    Source: Yara match File source: 00000002.00000002.2142277950.00000000050F9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: AppLaunch.exe PID: 6696, type: MEMORYSTR

                    Remote Access Functionality

                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223
                    | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                    | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 Create Account | 211 Process Injection | 2 Virtualization/Sandbox Evasion | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Screen Capture | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                    | Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Disable or Modify Tools | LSASS Memory | 2 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 1 Remote Access Software | Exfiltration Over Bluetooth | Network Denial of Service |
                    | Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 211 Process Injection | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | 3 Data from Local System | 2 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
                    | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 22 System Information Discovery | Distributed Component Object Model | 2 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
                    | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | 4 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
                    | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Software Packing | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                    | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                    Behavior Graph ID: 1634505, Sample: Nexora.exe, Startdate: 11/03/2025, Architecture: WINDOWS, Score: 100

                    Top level
                      DNS/IP: cueddlycrea.run; beacons.gcp.gvt2.com; beacons-handoff.gcp.gvt2.com
                      Signatures: Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 3 other signatures

                    Nexora.exe (started)
                      Signatures: Found many strings related to Crypto-Wallets (likely being stolen); Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); Writes to foreign memory regions; Injects a PE file into a foreign processes

                      AppLaunch.exe (started)
                        DNS/IP: cueddlycrea.run 172.67.152.244, 443, 49684 CLOUDFLARENETUS United States; 127.0.0.1 unknown unknown
                        Signatures: Attempt to bypass Chrome Application-Bound Encryption; Found many strings related to Crypto-Wallets (likely being stolen); Tries to harvest and steal browser information (history, passwords, etc); Tries to steal Crypto Currency Wallets

                        chrome.exe (started)
                          DNS/IP: 192.168.2.7, 138, 443, 49280 unknown unknown

                          chrome.exe (started)
                            DNS/IP: plus.l.google.com 142.250.185.174, 443, 49711 GOOGLEUS United States; www.google.com 172.217.16.196, 443, 49692, 49695 GOOGLEUS United States; 4 other IPs or domains

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.