Windows Analysis Report
ca703fd579bbcee73544b9b37f8a6469.bin.exe

Overview

General Information

Sample name: ca703fd579bbcee73544b9b37f8a6469.bin.exe
Analysis ID: 1636157
MD5: ad279a4eb0d457d9254f9140903bf356
SHA1: 01aae86b325917876606ff06c2ff2342fe0c1c5a
SHA256: 4a0063a2f3d69301ed13aed1734be629e39b4139602d4af162260503b544b854
Tags: exe, user-ttakvam

Detection

LummaC Stealer
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected LummaC Stealer
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Joe Sandbox ML detected suspicious sample
Sample uses string decryption to hide its real strings
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to read the clipboard data
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Browser Started with Remote Debugging
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • ca703fd579bbcee73544b9b37f8a6469.bin.exe (PID: 7512 cmdline: "C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe" MD5: AD279A4EB0D457D9254F9140903BF356)
    • ca703fd579bbcee73544b9b37f8a6469.bin.exe (PID: 1040 cmdline: "C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe" MD5: AD279A4EB0D457D9254F9140903BF356)
      • chrome.exe (PID: 5868 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223 MD5: E81F54E6C1129887AEA47E7D092680BF)
        • chrome.exe (PID: 1320 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2416,i,15548464778851748453,3161970406248836977,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2472 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
{"C2 url": ["cuddlypifllow.life/bVeoxe", "featureccus.shop/bdMAn", "mrodularmall.top/aNzS", "jowinjoinery.icu/bdWUa", "legenassedk.top/bdpWO", "htardwarehu.icu/Sbdsa", "cjlaspcorne.icu/DbIps", "bugildbett.top/bAuz"]}
Source | Rule | Description | Author | Strings
00000000.00000002.1476802430.0000000005E50000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000000.00000002.1471285499.0000000003802000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
00000000.00000002.1461244326.0000000002503000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000008.00000002.2414179477.00000000011AF000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000008.00000002.2411522580.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |

Source | Rule | Description | Author | Strings
8.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.400000.0.raw.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
8.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.400000.0.unpack | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.5e50000.5.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.5e50000.5.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
                    Source: Process started, Author: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe", ParentImage: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe, ParentProcessId: 1040, ParentProcessName: ca703fd579bbcee73544b9b37f8a6469.bin.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223, ProcessId: 5868, ProcessName: chrome.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-03-12T13:08:49.328603+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49726 | 149.154.167.99 | 443 | TCP
2025-03-12T13:08:52.149179+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49727 | 104.21.61.68 | 443 | TCP

                    AV Detection

                    Source: htardwarehu.icu/Sbdsa, Avira URL Cloud: Label: malware
                    Source: cuddlypifllow.life/bVeoxe, Avira URL Cloud: Label: malware
                    Source: 00000000.00000002.1471285499.0000000003802000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: LummaC {"C2 url": ["cuddlypifllow.life/bVeoxe", "featureccus.shop/bdMAn", "mrodularmall.top/aNzS", "jowinjoinery.icu/bdWUa", "legenassedk.top/bdpWO", "htardwarehu.icu/Sbdsa", "cjlaspcorne.icu/DbIps", "bugildbett.top/bAuz"]}
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, Virustotal: Detection: 15%
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, ReversingLabs: Detection: 15%
                    Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe, Code function: 8_2_0041EF24 CryptUnprotectData
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                    Source: unknown, HTTPS traffic detected: 104.17.150.117:443 -> 192.168.2.4:49717 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 199.91.155.76:443 -> 192.168.2.4:49718 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49724 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49726 version: TLS 1.2
                    Source: unknown, HTTPS traffic detected: 104.21.61.68:443 -> 192.168.2.4:49727 version: TLS 1.2
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1471285499.000000000350A000.00000004.00000800.00020000.00000000.sdmp, ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1477751373.00000000067F0000.00000004.08000000.00040000.00000000.sdmp, ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1471285499.0000000003461000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1471285499.000000000350A000.00000004.00000800.00020000.00000000.sdmp, ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1477751373.00000000067F0000.00000004.08000000.00040000.00000000.sdmp, ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1471285499.0000000003461000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1471285499.0000000003802000.00000004.00000800.00020000.00000000.sdmp, ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1477226717.0000000005F70000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1471285499.0000000003802000.00000004.00000800.00020000.00000000.sdmp, ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1477226717.0000000005F70000.00000004.08000000.00040000.00000000.sdmp

                    Networking

                    Source: global traffic, HTTP traffic detected: GET /file_premium/wxrjt6vrb2dhtxa/Toijayds.dat/file HTTP/1.1 Host: www.mediafire.com Connection: Keep-Alive
                    Source: global traffic, HTTP traffic detected: GET /2illp9n4bulgF7KLO-xi_jVqGsAPHqZHLrjBKHQ-WvVKkFw2PtT16fF9DRol1cMOjQqamKat4Aef-h9wIbMTqbrfyAVOEaPwHtIC96ExFOHoIRTaycYPAD50hqN-EcocjGO4EZtsvL5cihIPL9A1iSfhSnFYDSLN2907_EykbQOc_baM/wxrjt6vrb2dhtxa/Toijayds.dat HTTP/1.1 Host: download2335.mediafire.com Connection: Keep-Alive
                    Source: global traffic, HTTP traffic detected: GET /ololoshkatu HTTP/1.1 Connection: Keep-Alive Host: t.me
                    Source: Joe Sandbox View, IP Address: 104.17.150.117
                    Source: Joe Sandbox View, IP Address: 104.21.61.68
                    Source: Joe Sandbox View, IP Address: 149.154.167.99
                    Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
                    Source: Joe Sandbox View, JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                    Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
                    Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49726 -> 149.154.167.99:443
                    Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49727 -> 104.21.61.68:443
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe, Code function: 8_2_00425450 recv
                    Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJOhywEInP7MAQiFoM0BCL7VzgEIgNbOAQjB2M4BCMjczgEIiuDOAQiu5M4BCIvlzgE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEI0qDKAQig4coBCJOhywEInP7MAQiFoM0BCL7VzgEIgNbOAQjB2M4BCMjczgEIiuDOAQiu5M4BCIvlzgE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                    Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
                    Source: chrome.exe, 00000009.00000002.2434929313.000061EC00404000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
                    Source: global traffic | DNS traffic detected: DNS query: www.mediafire.com
                    Source: global traffic | DNS traffic detected: DNS query: download2335.mediafire.com
                    Source: global traffic | DNS traffic detected: DNS query: t.me
                    Source: global traffic | DNS traffic detected: DNS query: cuddlypifllow.life
                    Source: global traffic | DNS traffic detected: DNS query: www.google.com
                    Source: global traffic | DNS traffic detected: DNS query: apis.google.com
                    Source: global traffic | DNS traffic detected: DNS query: play.google.com
                    Source: global traffic | DNS traffic detected: DNS query: beacons.gcp.gvt2.com
                    Source: unknown | HTTP traffic detected:
                        POST /bVeoxe HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 85
                        Host: cuddlypifllow.life
                    Source: chrome.exe, 00000009.00000002.2428180256.000001DBD6567000.00000004.10000000.00040000.00000000.sdmp, chrome.exe, 00000009.00000002.2438263025.000061EC00BB0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2439013766.000061EC00DDC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2443883028.000061EC0188C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2439092724.000061EC00E14000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2434224536.000061EC00234000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
                    Source: chrome.exe, 00000009.00000002.2423184389.000001DBD11C0000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en&category=theme81https://myactivity.google.com/myactivity/?u
                    Source: chrome.exe, 00000009.00000002.2423184389.000001DBD11C0000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=enCtrl$1
                    Source: chrome.exe, 00000009.00000003.1540035178.000061EC0142C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1574494520.000061EC012CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
                    Source: chrome.exe, 00000009.00000002.2423184389.000001DBD11C0000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherEnabled
                    Source: chrome.exe, 00000009.00000002.2423184389.000001DBD11C0000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalGreylistUrl
                    Source: chrome.exe, 00000009.00000002.2423184389.000001DBD11C0000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherExternalSitelistUrl
                    Source: chrome.exe, 00000009.00000002.2423184389.000001DBD11C0000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlGreylist
                    Source: chrome.exe, 00000009.00000002.2423184389.000001DBD11C0000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUrlList
                    Source: chrome.exe, 00000009.00000002.2423184389.000001DBD11C0000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://chromeenterprise.google/policies/#BrowserSwitcherUseIeSitelist
                    Source: chrome.exe, 00000009.00000003.1526903373.000061E80048C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/
                    Source: chrome.exe, 00000009.00000003.1577717646.000061EC01B18000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1526505605.000061E800184000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
                    Source: chrome.exe, 00000009.00000003.1526903373.000061E80048C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/
                    Source: chrome.exe, 00000009.00000003.1577717646.000061EC01B18000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1526505605.000061E800184000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
                    Source: chrome.exe, 00000009.00000003.1526774773.000061E800458000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1526903373.000061E80048C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1526874590.000061E800468000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
                    Source: chrome.exe, 00000009.00000003.1577717646.000061EC01B18000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1526505605.000061E800184000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
                    Source: chrome.exe, 00000009.00000003.1526903373.000061E80048C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/https://google-ohttp-relay-join.fastly-edge.com/
                    Source: chrome.exe, 00000009.00000002.2436405365.000061EC007B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromemodelexecution-pa.googleapis.com/v1:Execute?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNh
                    Source: chrome.exe, 00000009.00000002.2436405365.000061EC007B0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromemodelquality-pa.googleapis.com/v1:LogAiData?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNh
                    Source: chrome.exe, 00000009.00000002.2434224536.000061EC00234000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
                    Source: chrome.exe, 00000009.00000002.2434224536.000061EC00234000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
                    Source: chrome.exe, 00000009.00000002.2423184389.000001DBD11C0000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://chromestatus.com/features#browsers.chrome.status%3A%22Deprecated%22
                    Source: chrome.exe, 00000009.00000002.2433793684.000061EC001AC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
                    Source: chrome.exe, 00000009.00000002.2437274402.000061EC009B7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/category/extensions
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/category/themes
                    Source: chrome.exe, 00000009.00000002.2434163858.000061EC0020C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
                    Source: chrome.exe, 00000009.00000003.1522805249.00000580000DC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
                    Source: chrome.exe, 00000009.00000002.2440651921.000061EC01170000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2437025792.000061EC0092C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2436732719.000061EC00855000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2433667742.000061EC00174000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2433793684.000061EC001AC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2434224536.000061EC00234000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
                    Source: chrome.exe, 00000009.00000002.2436732719.000061EC00844000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
                    Source: chrome.exe, 00000009.00000002.2436732719.000061EC00855000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
                    Source: chrome.exe, 00000009.00000002.2436732719.000061EC00855000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
                    Source: chrome.exe, 00000009.00000002.2434224536.000061EC00234000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
                    Source: chrome.exe, 00000009.00000002.2434224536.000061EC00234000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/event
                    Source: chromecache_45.10.drString found in binary or memory: https://clients6.google.com
                    Source: chrome.exe, 00000009.00000002.2437092847.000061EC00944000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=134
                    Source: chrome.exe, 00000009.00000002.2434783425.000061EC003D3000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/uma/v2
                    Source: chromecache_45.10.drString found in binary or memory: https://content.googleapis.com
                    Source: chrome.exe, 00000009.00000002.2439092724.000061EC00E1A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://convertunits.com
                    Source: chrome.exe, 00000009.00000002.2439092724.000061EC00E1A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://creative-serving.com
                    Source: chrome.exe, 00000009.00000002.2441601650.000061EC01378000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/gws/cdt1
                    Source: chrome.exe, 00000009.00000002.2441601650.000061EC01378000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/gws/cdt1Cross-Origin-Opener-Policy:
                    Source: chrome.exe, 00000009.00000002.2441601650.000061EC01378000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/cdt1
                    Source: chrome.exe, 00000009.00000002.2425600056.000001DBD452D000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
                    Source: chrome.exe, 00000009.00000002.2425600056.000001DBD452D000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/scaffolding/asuacrsguc:50:0
                    Source: chrome.exe, 00000009.00000002.2425600056.000001DBD452D000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/asuacrsguc:50:0
                    Source: chrome.exe, 00000009.00000002.2439706523.000061EC00F90000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2433418363.000061EC00128000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2425600056.000001DBD452D000.00000004.10000000.00040000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/scaffolding/asuacrsguc:50:0Cross-Origin-Opener-Policy-Report-Only:
                    Source: chrome.exe, 00000009.00000002.2439092724.000061EC00E1A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dailymail.co.uk
                    Source: chrome.exe, 00000009.00000002.2439092724.000061EC00E1A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://demand.supply
                    Source: chrome.exe, 00000009.00000002.2437025792.000061EC0092C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTgyNjA
                    Source: chrome.exe, 00000009.00000002.2433029770.000061EC00094000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_third_p
                    Source: chrome.exe, 00000009.00000002.2445502957.000061EC01B74000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
                    Source: chrome.exe, 00000009.00000002.2440756424.000061EC011BC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebndkojlmppeemj
                    Source: chrome.exe, 00000009.00000002.2437025792.000061EC0092C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/acuigjey24xakmge43ocbxrkkfbq_490/lmelglejhemejginpbo
                    Source: chrome.exe, 00000009.00000002.2436431844.000061EC007C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/acuj5hfskmhsqvfoiaunj7t6n33q_2025.3.10.1/jflhchccmpp
                    Source: chrome.exe, 00000009.00000002.2437025792.000061EC0092C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/adachi2g2co7ajxpgopfjwjj5rta_3065/jflookgnkcckhobagl
                    Source: chrome.exe, 00000009.00000002.2437025792.000061EC0092C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/adjgpjmra4jmuwfmqagvooxa7hua_1249/efniojlnjndmcbiiee
                    Source: chrome.exe, 00000009.00000002.2437025792.000061EC0092C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/adp7lmscefogeldj4te6xerqth3a_9.55.0/gcmjkmgdlgnkkcoc
                    Source: chrome.exe, 00000009.00000002.2436431844.000061EC007C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/eeigpn
                    Source: chrome.exe, 00000009.00000002.2434752547.000061EC003A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/adrovrpquemobbwthbstjwffhima_2025.1.17.1/
                    Source: chrome.exe, 00000009.00000002.2436431844.000061EC007C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/adrovrpquemobbwthbstjwffhima_2025.1.17.1/kiabhabjdbk
                    Source: chrome.exe, 00000009.00000002.2436431844.000061EC007C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocncanlea
                    Source: chrome.exe, 00000009.00000002.2437025792.000061EC0092C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/gwtrz3nzxhhw5ole7f7oqdbeti_9610/hfnkpimlhhgieaddgfem
                    Source: chrome.exe, 00000009.00000002.2440756424.000061EC011BC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkhlaae
                    Source: chrome.exe, 00000009.00000002.2434752547.000061EC003A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/l7xtcygg3vebugalfkm3b3dp3u_6.7431.9692/
                    Source: chrome.exe, 00000009.00000002.2437025792.000061EC0092C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/l7xtcygg3vebugalfkm3b3dp3u_6.7431.9692/pkomkdjpmjfbk
                    Source: chrome.exe, 00000009.00000002.2436431844.000061EC007C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://dl.google.com/release2/chrome_component/pmztx7tk73bjttcb4b6ys6fixq_2025.1.3.1202/ggkkehgbnfj
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
                    Source: chrome.exe, 00000009.00000003.1577717646.000061EC01B18000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1526505605.000061E800184000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview2K
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2434929313.000061EC00404000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
                    Source: chrome.exe, 00000009.00000002.2442508460.000061EC014C0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2438599005.000061EC00C88000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2437997439.000061EC00B1C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
                    Source: chrome.exe, 00000009.00000002.2442508460.000061EC014C0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2438599005.000061EC00C88000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2437997439.000061EC00B1C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2434929313.000061EC00404000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
                    Source: chrome.exe, 00000009.00000002.2442508460.000061EC014C0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2438599005.000061EC00C88000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2437997439.000061EC00B1C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/:
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/J
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2434929313.000061EC00404000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
                    Source: chrome.exe, 00000009.00000002.2442508460.000061EC014C0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2438599005.000061EC00C88000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2437997439.000061EC00B1C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
                    Source: chromecache_45.10.drString found in binary or memory: https://domains.google.com/suggest/flow
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1461244326.0000000002499000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://download2335.mediafire.com
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1461244326.0000000002495000.00000004.00000800.00020000.00000000.sdmp, ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1461244326.0000000002499000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://download2335.mediafire.com/2illp9n4bulgF7KLO-xi_jVqGsAPHqZHLrjBKHQ-WvVKkFw2PtT16fF9DRol1cMOj
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/:
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/J
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2434929313.000061EC00404000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
                    Source: chrome.exe, 00000009.00000002.2439092724.000061EC00E1A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ebayadservices.com
                    Source: chrome.exe, 00000009.00000002.2433029770.000061EC00094000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64
                    Source: chrome.exe, 00000009.00000002.2445502957.000061EC01B74000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.cr
                    Source: chrome.exe, 00000009.00000002.2437025792.000061EC0092C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebn
                    Source: chrome.exe, 00000009.00000002.2436431844.000061EC007C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acuigjey24xakmge43ocbxrkkfbq_490/lmelgle
                    Source: chrome.exe, 00000009.00000002.2437092847.000061EC00944000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acuj5hfskmhsqvfoiaunj7t6n33q_2025.3.10.1
                    Source: chrome.exe, 00000009.00000002.2436431844.000061EC007C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adachi2g2co7ajxpgopfjwjj5rta_3065/jflook
                    Source: chrome.exe, 00000009.00000002.2436431844.000061EC007C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adjgpjmra4jmuwfmqagvooxa7hua_1249/efnioj
                    Source: chrome.exe, 00000009.00000002.2436431844.000061EC007C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adp7lmscefogeldj4te6xerqth3a_9.55.0/gcmj
                    Source: chrome.exe, 00000009.00000002.2439706523.000061EC00F90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.2
                    Source: chrome.exe, 00000009.00000002.2434752547.000061EC003A4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2436431844.000061EC007C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adrovrpquemobbwthbstjwffhima_2025.1.17.1
                    Source: chrome.exe, 00000009.00000002.2437092847.000061EC00944000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.130
                    Source: chrome.exe, 00000009.00000002.2437092847.000061EC00944000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/fpm7b3lyymiazxgd7zkf5fvmra_2024.10.17.0/
                    Source: chrome.exe, 00000009.00000002.2437025792.000061EC0092C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/gwtrz3nzxhhw5ole7f7oqdbeti_9610/hfnkpiml
                    Source: chrome.exe, 00000009.00000002.2437025792.000061EC0092C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbo
                    Source: chrome.exe, 00000009.00000002.2434752547.000061EC003A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/l7xtcygg3vebugalfkm3b3dp3u_6.7431.9692/
                    Source: chrome.exe, 00000009.00000002.2436431844.000061EC007C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://edgedl.me.gvt1.com/edgedl/release2/chrome_component/l7xtcygg3vebugalfkm3b3dp3u_6.7431.9692/p
                    Source: chrome.exe, 00000009.00000003.1540000782.000061EC01414000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016nn
                    Source: chrome.exe, 00000009.00000003.1540000782.000061EC01414000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2442251972.000061EC01470000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                    Source: chrome.exe, 00000009.00000002.2442251972.000061EC01470000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e175
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000008.00000002.2412145228.0000000000DBA000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://t.me/ololoshkatuJ
                    Source: chrome.exe, 00000009.00000002.2439013766.000061EC00DDC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://t0.gstatic.com/faviconV2
                    Source: chrome.exe, 00000009.00000002.2439092724.000061EC00E1A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tailtarget.com
                    Source: chrome.exe, 00000009.00000002.2439092724.000061EC00E1A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tamedia.com.tw
                    Source: chrome.exe, 00000009.00000002.2439092724.000061EC00E1A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tangooserver.com
                    Source: chrome.exe, 00000009.00000002.2434163858.000061EC0020C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/
                    Source: chrome.exe, 00000009.00000002.2439092724.000061EC00E1A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tiktok.com
                    Source: chrome.exe, 00000009.00000002.2439092724.000061EC00E1A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://trkkn.com
                    Source: chrome.exe, 00000009.00000002.2439092724.000061EC00E1A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://tya-dev.com
                    Source: chrome.exe, 00000009.00000003.2169680453.000061EC004A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://update.googleapis.com/service/update2/json?cup2key=14:I_t6vRpJPSeld_Ys48jSXjgFrRkg-uY7_wcJJ-
                    Source: chrome.exe, 00000009.00000002.2439092724.000061EC00E1A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://verve.com
                    Source: chrome.exe, 00000009.00000002.2439092724.000061EC00E1A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://weborama-tech.ru
                    Source: chrome.exe, 00000009.00000002.2439092724.000061EC00E1A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://wepowerconnections.com
                    Source: chromecache_45.10.drString found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
                    Source: chrome.exe, 00000009.00000002.2439092724.000061EC00E1A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://worldhistory.org
                    Source: chrome.exe, 00000009.00000002.2438937925.000061EC00DB4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/v20
                    Source: chrome.exe, 00000009.00000002.2443723698.000061EC01870000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
                    Source: chrome.exe, 00000009.00000003.1574494520.000061EC012CC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
                    Source: chrome.exe, 00000009.00000003.1574392460.000061EC01684000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2443204985.000061EC01684000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
                    Source: chrome.exe, 00000009.00000002.2443883028.000061EC0188C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/newtab_promos
                    Source: chrome.exe, 00000009.00000002.2437274402.000061EC009B7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/#safe
                    Source: chrome.exe, 00000009.00000002.2437274402.000061EC009B7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/browser-features/
                    Source: chrome.exe, 00000009.00000002.2437274402.000061EC009B7000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/browser-tools/
                    Source: chrome.exe, 00000009.00000003.1577717646.000061EC01B70000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1574950959.000061EC01698000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1526505605.000061E800184000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
                    Source: chrome.exe, 00000009.00000002.2423184389.000001DBD11C0000.00000002.00000001.00040000.00000011.sdmpString found in binary or memory: https://www.google.com/chrome/privacy/eula_text.htmlH&elpManaged
                    Source: chrome.exe, 00000009.00000002.2440080998.000061EC01094000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2438905556.000061EC00D88000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2438232103.000061EC00B8C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/
                    Source: chrome.exe, 00000009.00000002.2437025792.000061EC0092C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjhkYWYwZDctOTExOS00MGQ5LTg
                    Source: chrome.exe, 00000009.00000002.2444434679.000061EC01924000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/AMpg5-cnrANo_2018.8.8.0/2018.8.8.0_win64_win_thi
                    Source: chrome.exe, 00000009.00000002.2445502957.000061EC01B74000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/V3P1l2hLvLw_7/7_all_sslErrorAssistant.crx3
                    Source: chrome.exe, 00000009.00000002.2437025792.000061EC0092C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/ac6mhlwypzipnufijdvfyhdgvt4q_67/khaoiebndkojlmpp
                    Source: chrome.exe, 00000009.00000002.2437025792.000061EC0092C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/acuigjey24xakmge43ocbxrkkfbq_490/lmelglejhemejgi
                    Source: chrome.exe, 00000009.00000002.2436431844.000061EC007C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/acuj5hfskmhsqvfoiaunj7t6n33q_2025.3.10.1/jflhchc
                    Source: chrome.exe, 00000009.00000002.2437025792.000061EC0092C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/adachi2g2co7ajxpgopfjwjj5rta_3065/jflookgnkcckho
                    Source: chrome.exe, 00000009.00000002.2437025792.000061EC0092C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/adjgpjmra4jmuwfmqagvooxa7hua_1249/efniojlnjndmcb
                    Source: chrome.exe, 00000009.00000002.2437025792.000061EC0092C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/adp7lmscefogeldj4te6xerqth3a_9.55.0/gcmjkmgdlgnk
                    Source: chrome.exe, 00000009.00000002.2439706523.000061EC00F90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/adrga7eefaxjfdmmgfkiaxjg4yjq_2024.7.12.235938/ee
                    Source: chrome.exe, 00000009.00000002.2434752547.000061EC003A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/adrovrpquemobbwthbstjwffhima_2025.1.17.1/
                    Source: chrome.exe, 00000009.00000002.2436431844.000061EC007C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/adrovrpquemobbwthbstjwffhima_2025.1.17.1/kiabhab
                    Source: chrome.exe, 00000009.00000002.2436431844.000061EC007C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/cpx7rw4q3nwu7emczqf2w6cu7y_2023.3.30.1305/cocnca
                    Source: chrome.exe, 00000009.00000002.2437025792.000061EC0092C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/gwtrz3nzxhhw5ole7f7oqdbeti_9610/hfnkpimlhhgieadd
                    Source: chrome.exe, 00000009.00000002.2440756424.000061EC011BC000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/j2hxfei2occ5siitujtlwgp6xi_3/ojhpjlocmbogdgmfpkh
                    Source: chrome.exe, 00000009.00000002.2434752547.000061EC003A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/l7xtcygg3vebugalfkm3b3dp3u_6.7431.9692/
                    Source: chrome.exe, 00000009.00000002.2436431844.000061EC007C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/l7xtcygg3vebugalfkm3b3dp3u_6.7431.9692/pkomkdjpm
                    Source: chrome.exe, 00000009.00000002.2436431844.000061EC007C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/dl/release2/chrome_component/pmztx7tk73bjttcb4b6ys6fixq_2025.1.3.1202/ggkkehg
                    Source: chrome.exe, 00000009.00000002.2441012466.000061EC01214000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2436732719.000061EC00855000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
                    Source: chrome.exe, 00000009.00000002.2434993356.000061EC00414000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.2128482816.000061EC0202C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.2128532604.000061EC02034000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
                    Source: chrome.exe, 00000009.00000002.2444434679.000061EC01935000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab
                    Source: chrome.exe, 00000009.00000003.2128532604.000061EC02034000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
                    Source: chrome.exe, 00000009.00000003.1577536905.000061EC01B00000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1577717646.000061EC01B70000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1577498103.000061EC01AF4000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1574950959.000061EC01698000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1526505605.000061E800184000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
                    Source: chrome.exe, 00000009.00000002.2434929313.000061EC00404000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
                    Source: chrome.exe, 00000009.00000002.2434163858.000061EC0020C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
                    Source: chromecache_45.10.drString found in binary or memory: https://www.googleapis.com/auth/plus.me
                    Source: chromecache_45.10.drString found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
                    Source: chrome.exe, 00000009.00000003.1526973574.000061E800498000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1527017127.000061E8004AC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1526903373.000061E80048C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1527123159.000061E8004B8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1527179296.000061E8004C8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
                    Source: chrome.exe, 00000009.00000003.1577717646.000061EC01B18000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1526505605.000061E800184000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
                    Source: chrome.exe, 00000009.00000003.1526973574.000061E800498000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1527017127.000061E8004AC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1526903373.000061E80048C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1527123159.000061E8004B8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1527179296.000061E8004C8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.managerForcedOn_PlusAddressAndroidOpenGmsCoreManagementP
                    Source: chrome.exe, 00000009.00000003.1526973574.000061E800498000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1527017127.000061E8004AC000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1526903373.000061E80048C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1527123159.000061E8004B8000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1527179296.000061E8004C8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.managerPlusAddressOfferCreationIfPasswordFieldIsNotVisib
                    Source: chrome.exe, 00000009.00000002.2434163858.000061EC0020C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
                    Source: chrome.exe, 00000009.00000002.2434163858.000061EC0020C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
                    Source: chrome.exe, 00000009.00000002.2434163858.000061EC0020C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/token
                    Source: chrome.exe, 00000009.00000002.2434163858.000061EC0020C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
                    Source: chrome.exe, 00000009.00000002.2443723698.000061EC01870000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
                    Source: chrome.exe, 00000009.00000002.2436431844.000061EC007C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
                    Source: chromecache_47.10.drString found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
                    Source: chromecache_47.10.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
                    Source: chromecache_47.10.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
                    Source: chrome.exe, 00000009.00000002.2446315422.000061EC01F5C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
                    Source: chrome.exe, 00000009.00000003.2128653237.000061EC0201C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.2128936216.000061EC02068000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.2128355375.000061EC01784000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1582596571.000061EC01D7C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2446315422.000061EC01F5C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
                    Source: chrome.exe, 00000009.00000002.2446434313.000061EC01FC0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.2128532604.000061EC02034000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.eebVy_fNKiM.2019.O/rt=j/m=q_dnp
                    Source: chrome.exe, 00000009.00000002.2446434313.000061EC01FC0000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.2128532604.000061EC02034000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.sDa5bc0wD58.L.W.O/m=qmd
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1461244326.0000000002495000.00000004.00000800.00020000.00000000.sdmp, ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1461244326.0000000002451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mediafire.com
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1461244326.0000000002451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mediafire.com/file_premium/wxrjt6vrb2dhtxa/Toijayds.dat/file
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exeString found in binary or memory: https://www.nortonlifelock.com/
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
                    Source: chrome.exe, 00000009.00000002.2437169658.000061EC0098C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2434929313.000061EC00404000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
                    Source: chrome.exe, 00000009.00000002.2439092724.000061EC00E1A000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://yieldmo.com
                    Source: unknown. HTTPS traffic detected: 104.17.150.117:443 -> 192.168.2.4:49717, version: TLS 1.2
                    Source: unknown. HTTPS traffic detected: 199.91.155.76:443 -> 192.168.2.4:49718, version: TLS 1.2
                    Source: unknown. HTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49724, version: TLS 1.2
                    Source: unknown. HTTPS traffic detected: 149.154.167.99:443 -> 192.168.2.4:49726, version: TLS 1.2
                    Source: unknown. HTTPS traffic detected: 104.21.61.68:443 -> 192.168.2.4:49727, version: TLS 1.2
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe. Code function: 8_2_0043FF70 OpenClipboard, GetClipboardData, GlobalLock, GetWindowRect, GlobalUnlock, CloseClipboard
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe. Code function: 8_2_00423490 CreateDesktopW
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_0042DA008_2_0042DA00
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_00408A208_2_00408A20
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_0040D6208_2_0040D620
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_0042FAD08_2_0042FAD0
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_004462D08_2_004462D0
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_00402AE08_2_00402AE0
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_0040FEF08_2_0040FEF0
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_004172F58_2_004172F5
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_0040DA908_2_0040DA90
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_0040A2908_2_0040A290
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_00403E908_2_00403E90
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_004112908_2_00411290
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_004306A08_2_004306A0
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_0044DB508_2_0044DB50
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_0041E3608_2_0041E360
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_0040CF708_2_0040CF70
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_004047728_2_00404772
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_00406F768_2_00406F76
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_00444B008_2_00444B00
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_004217108_2_00421710
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_00408F308_2_00408F30
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_0041CBC48_2_0041CBC4
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_004137DF8_2_004137DF
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_0041F7F18_2_0041F7F1
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_0044D3A08_2_0044D3A0
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exeStatic PE information: invalid certificate
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1471285499.0000000003802000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs ca703fd579bbcee73544b9b37f8a6469.bin.exe
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1474708111.0000000005920000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameEkmvvgnrw.dll" vs ca703fd579bbcee73544b9b37f8a6469.bin.exe
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1461244326.0000000002503000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs ca703fd579bbcee73544b9b37f8a6469.bin.exe
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1471285499.000000000350A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs ca703fd579bbcee73544b9b37f8a6469.bin.exe
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1477751373.00000000067F0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs ca703fd579bbcee73544b9b37f8a6469.bin.exe
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1459846445.00000000007CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs ca703fd579bbcee73544b9b37f8a6469.bin.exe
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1471285499.0000000003461000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs ca703fd579bbcee73544b9b37f8a6469.bin.exe
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1477226717.0000000005F70000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs ca703fd579bbcee73544b9b37f8a6469.bin.exe
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.359e3f8.2.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.359e3f8.2.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.359e3f8.2.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.359e3f8.2.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.34ba900.0.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.34ba900.0.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.67f0000.7.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.34ba900.0.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.34ba900.0.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.34ba900.0.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.34ba900.0.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.67f0000.7.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.67f0000.7.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.359e3f8.2.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.34ba900.0.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.34ba900.0.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.359e3f8.2.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.67f0000.7.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.67f0000.7.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.67f0000.7.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.359e3f8.2.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.359e3f8.2.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.359e3f8.2.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.359e3f8.2.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@22/14@21/8
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeCode function: 8_2_00445380 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,GetVolumeInformationW,8_2_00445380
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeMutant created: \Sessions\1\BaseNamedObjects\Tddwjyxtpwo
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeMutant created: NULL
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: chrome.exe, 00000009.00000002.2444622457.000061EC0194C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(metric_value) FROM metrics WHERE metrics.metric_hash = 'CE71BF280B4EB4B5' AND metrics.metric_value > 45;
                    Source: chrome.exe, 00000009.00000002.2444622457.000061EC0194C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '756F6A466879157E';
                    Source: chrome.exe, 00000009.00000003.1540000782.000061EC01414000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2439193416.000061EC00E58000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2444434679.000061EC01938000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2440450681.000061EC0112C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2434389879.000061EC00305000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2444692271.000061EC01968000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(DISTINCT CAST((event_timestamp / 1000000 / 60 / 10) AS int)) FROM metrics WHERE metrics.metric_hash = 'AD411B741D0DA012' AND metrics.metric_value > 0;
                    Source: chrome.exe, 00000009.00000002.2436650381.000061EC00821000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
                    Source: chrome.exe, 00000009.00000002.2444622457.000061EC0194C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(metric_value) FROM metrics WHERE metrics.metric_hash = 'CE71BF280B4EB4B5' AND metrics.metric_value > 120;
                    Source: chrome.exe, 00000009.00000003.1540000782.000061EC01414000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2439193416.000061EC00E58000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2444434679.000061EC01938000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2440450681.000061EC0112C000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2434389879.000061EC00305000.00000004.00001000.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2444692271.000061EC01968000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(DISTINCT CAST((event_timestamp / 1000000 / 60 / 10) AS int)) FROM metrics WHERE metrics.metric_hash = 'B4CFE8741404B691' AND metrics.metric_value > 0;
                    Source: chrome.exe, 00000009.00000002.2444622457.000061EC0194C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '19E16122849E343B';
                    Source: chrome.exe, 00000009.00000002.2444278825.000061EC018E0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(id) FROM metrics WHERE metrics.metric_hash = '64BD7CCE5A95BF00';
                    Source: chrome.exe, 00000009.00000002.2444622457.000061EC0194C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '79964621D357AB88';
                    Source: chrome.exe, 00000009.00000002.2442942504.000061EC0155C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '534661B278B11BD';
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exeVirustotal: Detection: 15%
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exeReversingLabs: Detection: 15%
                    Source: unknownProcess created: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe "C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe"
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeProcess created: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe "C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe"
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2416,i,15548464778851748453,3161970406248836977,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2472 /prefetch:3
                    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1471285499.000000000350A000.00000004.00000800.00020000.00000000.sdmp, ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1477751373.00000000067F0000.00000004.08000000.00040000.00000000.sdmp, ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1471285499.0000000003461000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1471285499.000000000350A000.00000004.00000800.00020000.00000000.sdmp, ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1477751373.00000000067F0000.00000004.08000000.00040000.00000000.sdmp, ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1471285499.0000000003461000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1471285499.0000000003802000.00000004.00000800.00020000.00000000.sdmp, ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1477226717.0000000005F70000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1471285499.0000000003802000.00000004.00000800.00020000.00000000.sdmp, ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1477226717.0000000005F70000.00000004.08000000.00040000.00000000.sdmp

                    Data Obfuscation

                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, --.cs; .Net Code: _000E System.AppDomain.Load(byte[])
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.359e3f8.2.raw.unpack, ReflectionHelper.cs; .Net Code: InvokeMethod
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.359e3f8.2.raw.unpack, XmlSerializationHelper.cs; .Net Code: ReadObjectProperties
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.34ba900.0.raw.unpack, ReflectionHelper.cs; .Net Code: InvokeMethod
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.34ba900.0.raw.unpack, XmlSerializationHelper.cs; .Net Code: ReadObjectProperties
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.67f0000.7.raw.unpack, ReflectionHelper.cs; .Net Code: InvokeMethod
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.67f0000.7.raw.unpack, XmlSerializationHelper.cs; .Net Code: ReadObjectProperties
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.5f70000.6.raw.unpack, TypeModel.cs; .Net Code: TryDeserializeList
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.5f70000.6.raw.unpack, ListDecorator.cs; .Net Code: Read
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.5f70000.6.raw.unpack, TypeSerializer.cs; .Net Code: CreateInstance
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.5f70000.6.raw.unpack, TypeSerializer.cs; .Net Code: EmitCreateInstance
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.5f70000.6.raw.unpack, TypeSerializer.cs; .Net Code: EmitCreateIfNull
                    Source: Yara match; File source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.5e50000.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.5e50000.5.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 00000000.00000002.1476802430.0000000005E50000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000000.00000002.1461244326.0000000002503000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: Process Memory Space: ca703fd579bbcee73544b9b37f8a6469.bin.exe PID: 7512, type: MEMORYSTR
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe; Static PE information: real checksum: 0x1bdf53 should be: 0x1f495
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; Code function: 8_2_00419B01 push esp; retf 8_2_00419B2C
                    Source: 0.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.5920000.3.raw.unpack, rWquhhHtMjVjqB3IE0u.cs; High entropy of concatenated method names: 'ooFHf1YXpJ', 'IqcH8PCU8t', 'QOVHJdush0', 'n3bHTkjONc', 'Gc5H7VglEt', 'wIVHcPlvA9', 'j4rH5us6V5', 'ejZHILsQvy', 'elbHjepxXE', 'dsWHkah2Nh'
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara match; File source: Process Memory Space: ca703fd579bbcee73544b9b37f8a6469.bin.exe PID: 7512, type: MEMORYSTR
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1461244326.0000000002503000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; Memory allocated: 790000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; Memory allocated: 2450000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; Memory allocated: 4450000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; Thread delayed: delay time: 600000
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; Window / User API: threadDelayed 2685
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; Window / User API: threadDelayed 7056
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe TID: 7600; Thread sleep count: 32 > 30
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe TID: 7600; Thread sleep time: -29514790517935264s >= -30000s
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe TID: 7600; Thread sleep time: -600000s >= -30000s
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe TID: 7600; Thread sleep time: -599890s >= -30000s
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe TID: 7604; Thread sleep count: 2685 > 30
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe TID: 7604; Thread sleep count: 7056 > 30
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe TID: 5716; Thread sleep time: -60000s >= -30000s
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeThread delayed: delay time: 596468Jump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeThread delayed: delay time: 596343Jump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeThread delayed: delay time: 596234Jump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeThread delayed: delay time: 596125Jump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeThread delayed: delay time: 596015Jump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeThread delayed: delay time: 595906Jump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeThread delayed: delay time: 595796Jump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeThread delayed: delay time: 595687Jump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeThread delayed: delay time: 595577Jump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeThread delayed: delay time: 595466Jump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeThread delayed: delay time: 595339Jump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeThread delayed: delay time: 595231Jump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeThread delayed: delay time: 595115Jump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeThread delayed: delay time: 594832Jump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeThread delayed: delay time: 594641Jump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeThread delayed: delay time: 594531Jump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeThread delayed: delay time: 594421Jump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeThread delayed: delay time: 594312Jump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeThread delayed: delay time: 594203Jump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeThread delayed: delay time: 594074Jump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeThread delayed: delay time: 593968Jump to behavior
                    Source: chrome.exe, 00000009.00000002.2441435097.000061EC01334000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware
                    Source: chrome.exe, 00000009.00000002.2434357036.000061EC002FC000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware, Inc."
                    Source: chrome.exe, 00000009.00000003.1561720160.000001DBD470B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2426159213.000001DBD46B6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1561259516.000001DBD4708000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Dynamic Memory Integration Service
                    Source: chrome.exe, 00000009.00000002.2426159213.000001DBD46B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: &Hyper-V Hypervisorr
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000008.00000002.2413722222.0000000001166000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                    Source: chrome.exe, 00000009.00000002.2424648369.000001DBD24A4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DHyper-V Virtual Machine Bus Pipes
                    Source: chrome.exe, 00000009.00000002.2420777149.000001DBCE858000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Dynamic Memory Integration ServiceUS@
                    Source: chrome.exe, 00000009.00000003.1561720160.000001DBD470B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2426159213.000001DBD46B6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1561259516.000001DBD4708000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V VM Vid Partition
                    Source: chrome.exe, 00000009.00000003.1561720160.000001DBD470B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2426159213.000001DBD46B6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1561259516.000001DBD4708000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1559212990.000001DBD470C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Root Partition
                    Source: chrome.exe, 00000009.00000002.2420777149.000001DBCE81C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllqq
                    Source: chrome.exe, 00000009.00000003.1561720160.000001DBD470B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2426159213.000001DBD46B6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1561259516.000001DBD4708000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1559212990.000001DBD470C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: THyper-V Hypervisor Root Virtual ProcessorOd
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1459846445.0000000000803000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll:
                    Source: chrome.exe, 00000009.00000003.1561720160.000001DBD470B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2426159213.000001DBD46B6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1561259516.000001DBD4708000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Virtual Machine Bus Pipes
                    Source: chrome.exe, 00000009.00000002.2424648369.000001DBD24A4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: JHyper-V Hypervisor Logical Processor
                    Source: chrome.exe, 00000009.00000002.2440240060.000061EC010D8000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=15c8023d-ae77-4663-a21e-bccb49b6e1b7
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1461244326.0000000002503000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware|VIRTUAL|A M I|Xen
                    Source: chrome.exe, 00000009.00000003.2333184161.000061EC01F38000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware20,1
                    Source: chrome.exe, 00000009.00000003.1561720160.000001DBD470B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2426159213.000001DBD46B6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1561259516.000001DBD4708000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V VM Vid PartitionqbM
                    Source: chrome.exe, 00000009.00000003.1561720160.000001DBD470B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2426159213.000001DBD46B6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1561259516.000001DBD4708000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Root Virtual Processor
                    Source: chrome.exe, 00000009.00000002.2440881386.000061EC011DC000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware Virtual USB Mouse
                    Source: chrome.exe, 00000009.00000003.1561720160.000001DBD470B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2426159213.000001DBD46B6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1561259516.000001DBD4708000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: X2Hyper-V VM Vid Partition
                    Source: chrome.exe, 00000009.00000003.1561720160.000001DBD470B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2426159213.000001DBD46B6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1561259516.000001DBD4708000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisor Root Partitionl
                    Source: chrome.exe, 00000009.00000002.2424648369.000001DBD24A4000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: sWDHyper-V Hypervisor Root Partition
                    Source: chrome.exe, 00000009.00000003.1529372301.000061EC00388000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: VMware20,1(
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1461244326.0000000002503000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Microsoft|VMWare|Virtual
                    Source: chrome.exe, 00000009.00000002.2426159213.000001DBD46B6000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Hypervisorc
                    Source: chrome.exe, 00000009.00000003.1558460813.000001DBD46FC000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1561720160.000001DBD470B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2426159213.000001DBD46B6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1561259516.000001DBD4708000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1559212990.000001DBD470C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V ycdlghiiaujkfof Bus Pipes
                    Source: chrome.exe, 00000009.00000003.1558460813.000001DBD46FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V ycdlghiiaujkfof Bus
                    Source: chrome.exe, 00000009.00000002.2424648369.000001DBD24F5000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V Dynamic Memory Integration ServiceGq
                    Source: chrome.exe, 00000009.00000003.1561720160.000001DBD470B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2426159213.000001DBD46B6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1561259516.000001DBD4708000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1559212990.000001DBD470C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V Virtual Machine Bus Pipesx
                    Source: chrome.exe, 00000009.00000003.1561720160.000001DBD470B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2426159213.000001DBD46B6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1561259516.000001DBD4708000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: THyper-V Hypervisor Root Virtual ProcessorowsP
                    Source: chrome.exe, 00000009.00000002.2424648369.000001DBD24A4000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: JHyper-V Hypervisor Logical ProcessorN
                    Source: chrome.exe, 00000009.00000002.2424648369.000001DBD24F5000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V Hypervisor=p
                    Source: chrome.exe, 00000009.00000002.2426159213.000001DBD46B6000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: NXTFaVMWare
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000008.00000002.2412835454.000000000112C000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAWX)
                    Source: chrome.exe, 00000009.00000003.1561720160.000001DBD470B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2426159213.000001DBD46B6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1561259516.000001DBD4708000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V Hypervisor Logical Processorc.sys
                    Source: chrome.exe, 00000009.00000003.1561720160.000001DBD470B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2426159213.000001DBD46B6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1559283981.000001DBD4733000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1561259516.000001DBD4708000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: VHyper-V Dynamic Memory Integration ServicetG
                    Source: chrome.exe, 00000009.00000002.2426159213.000001DBD46B6000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V ycdlghiiaujkfof BusX
                    Source: chrome.exe, 00000009.00000002.2424648369.000001DBD2431000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: &Hyper-V Hypervisorr
                    Source: chrome.exe, 00000009.00000002.2424648369.000001DBD24A4000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: DHyper-V Hypervisor Root PartitionG
                    Source: chrome.exe, 00000009.00000002.2424648369.000001DBD24F5000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V Hypervisor Logical Processormui_q"
                    Source: chrome.exe, 00000009.00000003.1561720160.000001DBD470B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000002.2426159213.000001DBD46B6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000009.00000003.1561259516.000001DBD4708000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: VHyper-V Dynamic Memory Integration ServiceyUJ
                    Source: chrome.exe, 00000009.00000002.2424648369.000001DBD24F5000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V Hypervisor Root Virtual Processor+
                    Source: chrome.exe, 00000009.00000002.2426159213.000001DBD46B6000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: 2Hyper-V VM Vid Partitionll
                    Source: chrome.exe, 00000009.00000002.2424648369.000001DBD24A4000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: AlDHyper-V Virtual Machine Bus Pipesui
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; API call chain: ExitProcess graph end node graph_8-15846
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; Code function: 8_2_0044B180 LdrInitializeThunk, 8_2_0044B180
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; Memory allocated: page read and write | page guard
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; Process created: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe "C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe"
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; Queries volume information: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe VolumeInformation
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; Queries volume information: C:\ VolumeInformation
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                    Stealing of Sensitive Information

                    Source: Yara match; File source: 8.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 8.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match; File source: 00000000.00000002.1471285499.0000000003802000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match; File source: 00000008.00000002.2411522580.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000008.00000002.2414179477.00000000011AF000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: *electrum*
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000008.00000002.2414179477.00000000011AF000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: llets/ElectronCash
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000008.00000002.2414179477.00000000011D5000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: Jaxx Libertyis-1
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000008.00000002.2413722222.0000000001166000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: window-state.json
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000008.00000002.2414179477.00000000011AF000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000008.00000002.2412835454.000000000112C000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: Wallets/Exodus
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000008.00000002.2414179477.00000000011AF000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: dfflelocpak","ez":"Bitget Wallet"}],"c":[{"t":0,"p":"%appdata%\\Ethereum","mh
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000008.00000002.2412835454.000000000112C000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000000.00000002.1474708111.0000000005920000.00000004.08000000.00040000.00000000.sdmp; String found in binary or memory: set_UseMachineKeyStore
                    Source: ca703fd579bbcee73544b9b37f8a6469.bin.exe, 00000008.00000002.2414179477.00000000011AF000.00000004.00000020.00020000.00000000.sdmp; String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Livem;C%
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe, File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe, File opened: C:\Users\user\AppData\Roaming\Ledger Live
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe, File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe, File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe, File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe, File opened: C:\Users\user\AppData\Roaming\Binance
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe, File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe, File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe, File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe, File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
                    Source: Yara match, File source: 00000008.00000002.2414179477.00000000011AF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: Process Memory Space: ca703fd579bbcee73544b9b37f8a6469.bin.exe PID: 1040, type: MEMORYSTR

                    Remote Access Functionality

                    Source: C:\Users\user\Desktop\ca703fd579bbcee73544b9b37f8a6469.bin.exe, Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9223
                    Source: Yara match, File source: 8.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.400000.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 8.2.ca703fd579bbcee73544b9b37f8a6469.bin.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match, File source: 00000000.00000002.1471285499.0000000003802000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match, File source: 00000008.00000002.2411522580.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                    | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Windows Management Instrumentation | 1 Create Account | 11 Process Injection | 1 Disable or Modify Tools | 1 OS Credential Dumping | 11 Security Software Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                    | Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 31 Virtualization/Sandbox Evasion | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 3 Data from Local System | 1 Remote Access Software | Exfiltration Over Bluetooth | Network Denial of Service |
                    | Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Process Injection | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 2 Clipboard Data | 2 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
                    | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
                    | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Software Packing | LSA Secrets | 22 System Information Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
                    | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                    [Figure: Behavior Graph. ID: 1636157; Sample: ca703fd579bbcee73544b9b37f8...; Startdate: 12/03/2025; Architecture: WINDOWS; Score: 100. Process chain: ca703fd579bbcee73544b9b37f8a6469.bin.exe -> ca703fd579bbcee73544b9b37f8a6469.bin.exe -> chrome.exe -> chrome.exe]
