Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe

Overview

General Information

Sample name:SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe
Analysis ID:1663547
MD5:ce855b068a8c8912c7efd515a2790d2f
SHA1:0fddf011295ff4b0c7a2c2af34631d38e9678b33
SHA256:30e63cedc371dba479cc67a40a2b3e5a3add78330426c207b4f469a80ca9282d
Tags:exeuser-SecuriteInfoCom
Infos:

Detection

LummaC Stealer
Score:100
Range:0 - 100
Confidence:100%

Signatures

Attempt to bypass Chrome Application-Bound Encryption
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected LummaC Stealer
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
Writes to foreign memory regions
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to download and launch executables
Contains functionality to dynamically determine API calls
Contains functionality to modify clipboard data
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality to record screenshots
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Searches for user specific document files
Sigma detected: Browser Started with Remote Debugging
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe (PID: 6716 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe" MD5: CE855B068A8C8912C7EFD515A2790D2F)
    • Acrobat.exe (PID: 6904 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\chicos.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)
      • AcroCEF.exe (PID: 700 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
        • AcroCEF.exe (PID: 6776 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2224 --field-trial-handle=1568,i,11324995402094139169,9242142557487277708,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)
    • SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe (PID: 7012 cmdline: "C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe" MD5: CE855B068A8C8912C7EFD515A2790D2F)
      • RegAsm.exe (PID: 7440 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • RegAsm.exe (PID: 7456 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
  • SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe (PID: 1132 cmdline: "C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe" MD5: CE855B068A8C8912C7EFD515A2790D2F)
    • RegSvcs.exe (PID: 3164 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
      • chrome.exe (PID: 8240 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9203 MD5: E81F54E6C1129887AEA47E7D092680BF)
        • chrome.exe (PID: 8512 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2380,i,12694421333245703449,3129680459386723953,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2716 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe (PID: 8924 cmdline: "C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe" MD5: CE855B068A8C8912C7EFD515A2790D2F)
    • RegAsm.exe (PID: 1640 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" MD5: 0D5DF43AF2916F47D00C1573797C1A13)
      • chrome.exe (PID: 6208 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9203 MD5: E81F54E6C1129887AEA47E7D092680BF)
        • chrome.exe (PID: 3632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2452,i,14918483231782066404,16312370181647215782,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2548 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup

Malware Configuration

Threatname: LummaC

{"C2 url": ["unbinddas.digital/qwez", "jrxsafer.top/shpaoz", "plantainklj.run/opafg", "puerrogfh.live/iqwez", "quavabvc.top/iuzhd", "advennture.top/GKsiio", "targett.top/dsANGt", "rambutanvcx.run/adioz", "ywmedici.top/noagis"], "Build id": "15c0809998ff0231389bed2b0618b07a9e8d5eede1"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    0000000E.00000002.2390711671.0000000003D40000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_LummaCStealer_4Yara detected LummaC StealerJoe Security
      00000015.00000002.2391522183.0000000003860000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_LummaCStealer_4Yara detected LummaC StealerJoe Security
        00000002.00000003.1207783827.00000000036F8000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_LummaCStealer_4Yara detected LummaC StealerJoe Security
          00000015.00000002.2392222837.0000000003A00000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_LummaCStealer_4Yara detected LummaC StealerJoe Security
            00000002.00000002.2392027364.0000000003870000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_LummaCStealer_4Yara detected LummaC StealerJoe Security
              Click to see the 6 entries

              Sigma Signatures

              Sigma detected: Browser Started with Remote Debugging
              Source: Process startedAuthor: pH-T (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9203, CommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9203, CommandLine|base64offset|contains: ^", Image: C:\Program Files\Google\Chrome\Application\chrome.exe, NewProcessName: C:\Program Files\Google\Chrome\Application\chrome.exe, OriginalFileName: C:\Program Files\Google\Chrome\Application\chrome.exe, ParentCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe", ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe, ParentProcessId: 3164, ParentProcessName: RegSvcs.exe, ProcessCommandLine: "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9203, ProcessId: 8240, ProcessName: chrome.exe
              Sigma detected: CurrentVersion Autorun Keys Modification
              Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, ProcessId: 7012, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutoStartApp

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-04-11T22:51:58.893333+020020283713Unknown Traffic192.168.2.949686172.67.172.163443TCP
              2025-04-11T22:52:04.872588+020020283713Unknown Traffic192.168.2.949693172.67.172.163443TCP
              2025-04-11T22:52:06.150811+020020283713Unknown Traffic192.168.2.949701172.67.172.163443TCP
              2025-04-11T22:52:07.579211+020020283713Unknown Traffic192.168.2.949704172.67.172.163443TCP
              2025-04-11T22:52:10.890995+020020283713Unknown Traffic192.168.2.949710172.67.172.163443TCP
              2025-04-11T22:52:11.801862+020020283713Unknown Traffic192.168.2.949711172.67.172.163443TCP
              2025-04-11T22:52:12.579174+020020283713Unknown Traffic192.168.2.949712172.67.172.163443TCP
              2025-04-11T22:52:15.646118+020020283713Unknown Traffic192.168.2.949713172.67.172.163443TCP
              2025-04-11T22:52:20.322717+020020283713Unknown Traffic192.168.2.949732172.67.172.163443TCP
              2025-04-11T22:52:24.746364+020020283713Unknown Traffic192.168.2.949740172.67.172.163443TCP
              2025-04-11T22:52:26.149491+020020283713Unknown Traffic192.168.2.949741172.67.172.163443TCP
              2025-04-11T22:52:27.149655+020020283713Unknown Traffic192.168.2.949742172.67.172.163443TCP
              2025-04-11T22:52:27.961350+020020283713Unknown Traffic192.168.2.949743172.67.172.163443TCP
              2025-04-11T22:52:29.836562+020020283713Unknown Traffic192.168.2.949744172.67.172.163443TCP
              2025-04-11T22:52:32.017364+020020283713Unknown Traffic192.168.2.949758172.67.172.163443TCP
              2025-04-11T22:52:33.912859+020020283713Unknown Traffic192.168.2.949760172.67.172.163443TCP
              2025-04-11T22:52:38.789795+020020283713Unknown Traffic192.168.2.949768172.67.172.163443TCP
              2025-04-11T22:52:39.777608+020020283713Unknown Traffic192.168.2.949769172.67.172.163443TCP
              2025-04-11T22:52:40.825683+020020283713Unknown Traffic192.168.2.949770172.67.172.163443TCP
              2025-04-11T22:52:41.675136+020020283713Unknown Traffic192.168.2.949771172.67.172.163443TCP
              2025-04-11T22:52:43.666562+020020283713Unknown Traffic192.168.2.949772172.67.172.163443TCP
              2025-04-11T22:52:44.757638+020020283713Unknown Traffic192.168.2.949773172.67.172.163443TCP
              2025-04-11T22:52:46.523777+020020283713Unknown Traffic192.168.2.949775172.67.172.163443TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Found malware configuration
              Source: 0000000E.00000002.2390711671.0000000003D40000.00000004.00000020.00020000.00000000.sdmpMalware Configuration Extractor: LummaC {"C2 url": ["unbinddas.digital/qwez", "jrxsafer.top/shpaoz", "plantainklj.run/opafg", "puerrogfh.live/iqwez", "quavabvc.top/iuzhd", "advennture.top/GKsiio", "targett.top/dsANGt", "rambutanvcx.run/adioz", "ywmedici.top/noagis"], "Build id": "15c0809998ff0231389bed2b0618b07a9e8d5eede1"}
              Multi AV Scanner detection for dropped file
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeReversingLabs: Detection: 36%
              Multi AV Scanner detection for submitted file
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeVirustotal: Detection: 34%Perma Link
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeReversingLabs: Detection: 36%
              Joe Sandbox ML detected suspicious sample
              Source: Submited SampleNeural Call Log Analysis: 98.1%
              Sample uses string decryption to hide its real strings
              Source: 0000000E.00000002.2390711671.0000000003D40000.00000004.00000020.00020000.00000000.sdmpString decryptor: unbinddas.digital/qwez
              Source: 0000000E.00000002.2390711671.0000000003D40000.00000004.00000020.00020000.00000000.sdmpString decryptor: jrxsafer.top/shpaoz
              Source: 0000000E.00000002.2390711671.0000000003D40000.00000004.00000020.00020000.00000000.sdmpString decryptor: plantainklj.run/opafg
              Source: 0000000E.00000002.2390711671.0000000003D40000.00000004.00000020.00020000.00000000.sdmpString decryptor: puerrogfh.live/iqwez
              Source: 0000000E.00000002.2390711671.0000000003D40000.00000004.00000020.00020000.00000000.sdmpString decryptor: quavabvc.top/iuzhd
              Source: 0000000E.00000002.2390711671.0000000003D40000.00000004.00000020.00020000.00000000.sdmpString decryptor: advennture.top/GKsiio
              Source: 0000000E.00000002.2390711671.0000000003D40000.00000004.00000020.00020000.00000000.sdmpString decryptor: targett.top/dsANGt
              Source: 0000000E.00000002.2390711671.0000000003D40000.00000004.00000020.00020000.00000000.sdmpString decryptor: rambutanvcx.run/adioz
              Source: 0000000E.00000002.2390711671.0000000003D40000.00000004.00000020.00020000.00000000.sdmpString decryptor: ywmedici.top/noagis
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0041A811 CryptUnprotectData,7_2_0041A811
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0041B9C1 CryptUnprotectData,7_2_0041B9C1
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0041B65C CryptUnprotectData,7_2_0041B65C
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: unknownHTTPS traffic detected: 104.192.142.25:443 -> 192.168.2.9:49683 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 52.216.29.196:443 -> 192.168.2.9:49684 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.192.142.25:443 -> 192.168.2.9:49685 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49686 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49693 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49701 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49704 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.192.142.25:443 -> 192.168.2.9:49709 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49710 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49711 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49712 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49713 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.192.142.24:443 -> 192.168.2.9:49729 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49732 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49740 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49741 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49742 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49743 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49744 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49758 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49760 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49768 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49769 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49770 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49771 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49772 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49773 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49775 version: TLS 1.2
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_00454633 FindFirstFileExW,0_2_00454633
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 2_2_000F4633 FindFirstFileExW,2_2_000F4633
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then add ebp, esi7_2_00430000
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov word ptr [ecx], dx7_2_004119F9
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [edi], al7_2_0041234F
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [ebp+edi*8+00h], 7A5B3AD5h7_2_00451490
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [esi], cl7_2_00437545
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov esi, ecx7_2_004205D0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov esi, ecx7_2_004205D0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov dword ptr [esp], ecx7_2_004205D0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov word ptr [eax], cx7_2_004195B0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+7B64E6A2h]7_2_004195B0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx eax, byte ptr [esp+ebx+44h]7_2_004106A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax-39CB2B86h]7_2_0040D700
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov word ptr [eax], cx7_2_0041D811
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]7_2_00402020
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], BEB994C9h7_2_0041B885
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [esi], cl7_2_00437897
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov dword ptr [esp], eax7_2_00451090
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], A26ABC73h7_2_00451090
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+3Ch]7_2_00434100
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]7_2_00435180
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax-7C9EAF8Ah]7_2_0041C1A8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [ecx], al7_2_00422C50
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h7_2_0041B202
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-46h]7_2_0040FA10
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov dword ptr [esp+08h], eax7_2_00434A1F
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h7_2_0041B232
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [ecx], al7_2_00423A3C
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx ebx, byte ptr [esp+ebp+02h]7_2_00429AC0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax-18851F36h]7_2_0043A2E6
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx edi, byte ptr [esp+eax+2184E64Eh]7_2_0041AAFA
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov dword ptr [esp+00000884h], 00000018h7_2_0041D28E
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], B245113Ah7_2_0041DBCF
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov dword ptr [esp+04h], edx7_2_0041DBCF
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov ecx, edi7_2_0041C3B2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then push eax7_2_0042D382
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov ebp, eax7_2_00408390
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov ecx, edi7_2_0041C3B2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [ecx], al7_2_00422C50
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then add eax, dword ptr [esp+ecx*4+24h]7_2_00409C10
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx ecx, word ptr [edi+esi*4]7_2_00409C10
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx ebx, byte ptr [esi+01h]7_2_00401C20
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov eax, dword ptr [esi+0Ch]7_2_00410CC6
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [edx+ecx*8], 8F3275A0h7_2_0041E4E5
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [esi], al7_2_00422D6C
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movsx eax, byte ptr [esi+ecx]7_2_0040AD70
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], BEB994C9h7_2_00429570
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], BEB994C9h7_2_0041BD04
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], BEB994C9h7_2_0041B885
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov edi, ecx7_2_00411D16
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [edi], cl7_2_004395C3
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx ecx, byte ptr [esp+eax+28h]7_2_0041E5C2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx ebx, byte ptr [eax+esi]7_2_0040C590
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov dword ptr [esp], ecx7_2_0043859A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [edi], cl7_2_0043859A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov edi, ecx7_2_00411E0F
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], BEB994C9h7_2_0041E6D8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx edi, byte ptr [esp+ecx-7749D400h]7_2_0040BEE0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then mov byte ptr [edi], cl7_2_00439710
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx-10h]18_2_00446020
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then movzx ecx, word ptr [esi]18_2_0044FA98
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then movzx edi, byte ptr [esp+esi]18_2_0044FBBD
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then movzx ebx, byte ptr [edx]18_2_00443310
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 4x nop then mov word ptr [ecx], dx18_2_0044CB42
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp word ptr [edi+ebx], 0000h24_2_00450780
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx]24_2_00450330
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], BEB994C9h24_2_0044D03C
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], BEB994C9h24_2_0044D143
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], BEB994C9h24_2_0044D137
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then cmp dword ptr [edx+ebx*8], A0E666EBh24_2_0044A020
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx edi, byte ptr [esp+eax-56h]24_2_0044A020
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx-3465FF36h]24_2_0044AA53
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 4x nop then movzx edi, byte ptr [esp+eax-62h]24_2_0044AA53
              Source: chrome.exeMemory has grown: Private usage: 8MB later: 41MB

              Networking

              barindex
              C2 URLs / IPs found in malware configuration
              Source: Malware configuration extractorURLs: unbinddas.digital/qwez
              Source: Malware configuration extractorURLs: jrxsafer.top/shpaoz
              Source: Malware configuration extractorURLs: plantainklj.run/opafg
              Source: Malware configuration extractorURLs: puerrogfh.live/iqwez
              Source: Malware configuration extractorURLs: quavabvc.top/iuzhd
              Source: Malware configuration extractorURLs: advennture.top/GKsiio
              Source: Malware configuration extractorURLs: targett.top/dsANGt
              Source: Malware configuration extractorURLs: rambutanvcx.run/adioz
              Source: Malware configuration extractorURLs: ywmedici.top/noagis
              Source: Joe Sandbox ViewIP Address: 104.192.142.24 104.192.142.24
              Source: Joe Sandbox ViewIP Address: 104.192.142.25 104.192.142.25
              Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
              Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
              Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49686 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49701 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49693 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49704 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49710 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49711 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49713 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49712 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49740 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49744 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49742 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49743 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49741 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49760 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49758 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49769 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49768 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49772 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49775 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49770 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49771 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49773 -> 172.67.172.163:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.9:49732 -> 172.67.172.163:443
              Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
              Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.215
              Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
              Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
              Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
              Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.215
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
              Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
              Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
              Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
              Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
              Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
              Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
              Source: unknownTCP traffic detected without corresponding DNS query: 2.23.227.208
              Source: unknownTCP traffic detected without corresponding DNS query: 74.125.21.94
              Source: unknownTCP traffic detected without corresponding DNS query: 74.125.21.94
              Source: unknownTCP traffic detected without corresponding DNS query: 74.125.21.94
              Source: unknownTCP traffic detected without corresponding DNS query: 74.125.21.94
              Source: unknownTCP traffic detected without corresponding DNS query: 74.125.21.94
              Source: unknownTCP traffic detected without corresponding DNS query: 74.125.21.94
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
              Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
              Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
              Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
              Source: unknownTCP traffic detected without corresponding DNS query: 74.125.21.94
              Source: unknownTCP traffic detected without corresponding DNS query: 74.125.21.94
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_00406A00 GetTempPathA,GetFileAttributesA,LoadLibraryA,LoadLibraryA,FreeLibrary,GetProcAddress,FreeLibrary,FreeLibrary,FreeLibrary,GetProcAddress,FreeLibrary,FreeLibrary,FreeLibrary,URLDownloadToFileA,FreeLibrary,FreeLibrary,FreeLibrary,ShellExecuteA,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,std::ios_base::_Ios_base_dtor,0_2_00406A00
              Source: global trafficHTTP traffic detected: GET /fedormaximofgfdvdc/saxxxax/downloads/chicos.pdf HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: bitbucket.orgConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /6544da31-4ffc-4ef7-929c-ad409ab2ef2f/downloads/21ffe1a0-863b-4292-ac6b-b3097c9ca54a/chicos.pdf?response-content-disposition=attachment%3B%20filename%3D%22chicos.pdf%22&AWSAccessKeyId=ASIA6KOSE3BNL7F3DWKE&Signature=EzbQwOkqVgbU%2Fknor2ru5kwmxyQ%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEE0aCXVzLWVhc3QtMSJHMEUCIERjcQw4%2Fs4YNWIGHe3HhpcdgnLvZfuIuaGhrIwdsvTwAiEAigq55hIui2boFp52BRs0CBHLPAnNifAO0wWORPMAHTwqsAIIxv%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FARAAGgw5ODQ1MjUxMDExNDYiDPDm4E2Vc%2B7%2B4tebvyqEAieS6xFHz183QuvdK%2FHM5UKSBHHLCZShY7wbcN1r9UXT9JTgWGsXrMuPnD0JNwzvGvH%2BaEIYVUQN2flP4kEBhJy3od0EEEsJ6UwmXZL%2BL1sF6xdek0zIi5YjdhqTM9JNkxJj6ZvZf9Y%2BK%2Fzzx7sshgxE8ea%2FoMF4NWDA1NC94g4ohR8SKUQzXxyKytWD%2Blj6bu1YrWrE3zvjr4FALa36KC8l7AIbl1D%2FQP9RCrJ1HfrNR02VimntokZ6ojnA2whUEBYI5ffsJHXdakQYBhCaLMvlJbz%2F8jxVmc3LvDX%2B9w8YSeyjLG6PSKneU1A8DPNI1GMicPAguWgKmqr9ku6fPfyVCHIaMKb85b8GOp0Bn44lUZj3FupRv5miaaXeiMmA2rRdmJzzv%2Fz4Z0L6uQ9Wwdb%2FV%2FDo%2B8%2BjK3abNlqtXYU%2B%2B2%2F9Lh827fnW6k18o%2FTTeEGIaoL1KE1jJRVRgubWv1%2FqlgZr9CQdkSEDic8%2F0fy%2BXKvGHPfxROaA4AQEXv8FDvoBh9cFUWQumYEexBrojdEfPk8I%2BY9YJkCIJZlvzfIW6ay6elLTJ%2FrftQ%3D%3D&Expires=1744405806 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Connection: Keep-AliveHost: bbuseruploads.s3.amazonaws.com
              Source: global trafficHTTP traffic detected: GET /fedormaximofgfdvdc/saxxxax/raw/797c0121c4fd45bacf2e3e7cf71b0a0e2229177b/sccccsdddpfpfpf HTTP/1.1Accept: */*User-Agent: Chrome/95.0.4638.54Host: bitbucket.org
              Source: global trafficHTTP traffic detected: GET /fedormaximofgfdvdc/saxxxax/raw/797c0121c4fd45bacf2e3e7cf71b0a0e2229177b/sccccsdddpfpfpf HTTP/1.1Accept: */*User-Agent: Chrome/95.0.4638.54Host: bitbucket.org
              Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIo7bJAQipncoBCNT9ygEIlaHLAQiJo8sBCIWgzQEI/qXOAQiA1s4BCPnXzgEIpeDOAQiu5M4BCN/kzgEIjOXOAQ==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIo7bJAQipncoBCNT9ygEIlaHLAQiJo8sBCIWgzQEI/qXOAQiA1s4BCPnXzgEIpeDOAQiu5M4BCN/kzgEIjOXOAQ==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /fedormaximofgfdvdc/saxxxax/raw/797c0121c4fd45bacf2e3e7cf71b0a0e2229177b/sccccsdddpfpfpf HTTP/1.1Accept: */*User-Agent: Chrome/95.0.4638.54Host: bitbucket.org
              Source: global trafficHTTP traffic detected: GET /_/scs/abc-static/_/js/k=gapi.gapi.en.24R2mrw_td8.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo9vR1rNwOjC3PXOxUlyKiCwNBv2Fg/cb=gapi.loaded_0 HTTP/1.1Host: apis.google.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*X-Client-Data: CIu2yQEIo7bJAQipncoBCNT9ygEIlaHLAQiJo8sBCIWgzQEI+dfOAQ==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIo7bJAQipncoBCNT9ygEIk6HLAQiJo8sBCIWgzQEI/qXOAQjtqc4BCMjRzgEIgNbOAQil4M4BCK7kzgEI3+TOAQiM5c4BSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIo7bJAQipncoBCNT9ygEIk6HLAQiJo8sBCIWgzQEI/qXOAQjtqc4BCMjRzgEIgNbOAQil4M4BCK7kzgEI3+TOAQiM5c4BSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
              Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org
              Source: global trafficHTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
              Source: global trafficHTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
              Source: chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632637638.000050B4004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
              Source: chrome.exe, 00000013.00000003.1388046296.00003DAC0396C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1387856015.00003DAC0392C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1387932702.00003DAC0394C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <!--_html_template_end_-->`}const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends CrLitElement{constructor(){super(...arguments);this.url={url:""}}static get is(){return"ntp-doodle-share-dialog"}static get styles(){return getCss$2()}render(){return getHtml$2.bind(this)()}static get properties(){return{title:{type:String},url:{type:Object}}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.fire("share",channel)}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);let instance$3=null;function getCss$1(){return instance$3||(instance$3=[...[getCss$4()],css`:host{--ntp-logo-height:168px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#doodle{position:relative}#shareButton{background-color:var(--color-new-tab-page-doodle-share-button-background,none);border:none;height:32px;min-width:32px;padding:0;position:absolute;width:32px;bottom:0}:host-context([dir=ltr]) #shareButton{right:-40px}:host-context([dir=rtl]) #shareButton{left:-40px}#shareButtonIcon{width:18px;height:18px;margin:7px;vertical-align:bottom;mask-image:url(chrome://new-tab-page/icons/share_unfilled.svg);background-color:var(--color-new-tab-page-doodle-share-button-i
              Source: chrome.exe, 00000013.00000003.1388046296.00003DAC0396C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1387856015.00003DAC0392C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1387932702.00003DAC0394C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <!--_html_template_end_-->`}const FACEBOOK_APP_ID=738026486351791;class DoodleShareDialogElement extends CrLitElement{constructor(){super(...arguments);this.url={url:""}}static get is(){return"ntp-doodle-share-dialog"}static get styles(){return getCss$2()}render(){return getHtml$2.bind(this)()}static get properties(){return{title:{type:String},url:{type:Object}}}onFacebookClick_(){const url="https://www.facebook.com/dialog/share"+`?app_id=${FACEBOOK_APP_ID}`+`&href=${encodeURIComponent(this.url.url)}`+`&hashtag=${encodeURIComponent("#GoogleDoodle")}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kFacebook)}onTwitterClick_(){const url="https://twitter.com/intent/tweet"+`?text=${encodeURIComponent(`${this.title}\n${this.url.url}`)}`;WindowProxy.getInstance().open(url);this.notifyShare_(DoodleShareChannel.kTwitter)}onEmailClick_(){const url=`mailto:?subject=${encodeURIComponent(this.title)}`+`&body=${encodeURIComponent(this.url.url)}`;WindowProxy.getInstance().navigate(url);this.notifyShare_(DoodleShareChannel.kEmail)}onCopyClick_(){this.$.url.select();navigator.clipboard.writeText(this.url.url);this.notifyShare_(DoodleShareChannel.kLinkCopy)}onCloseClick_(){this.$.dialog.close()}notifyShare_(channel){this.fire("share",channel)}}customElements.define(DoodleShareDialogElement.is,DoodleShareDialogElement);let instance$3=null;function getCss$1(){return instance$3||(instance$3=[...[getCss$4()],css`:host{--ntp-logo-height:168px;display:flex;flex-direction:column;flex-shrink:0;justify-content:flex-end;min-height:var(--ntp-logo-height)}:host([doodle-boxed_]){justify-content:flex-end}#logo{forced-color-adjust:none;height:92px;width:272px}:host([single-colored]) #logo{-webkit-mask-image:url(icons/google_logo.svg);-webkit-mask-repeat:no-repeat;-webkit-mask-size:100%;background-color:var(--ntp-logo-color)}:host(:not([single-colored])) #logo{background-image:url(icons/google_logo.svg)}#imageDoodle{cursor:pointer;outline:0}#imageDoodle[tabindex='-1']{cursor:auto}:host([doodle-boxed_]) #imageDoodle{background-color:var(--ntp-logo-box-color);border-radius:20px;padding:16px 24px}:host-context(.focus-outline-visible) #imageDoodle:focus{box-shadow:0 0 0 2px rgba(var(--google-blue-600-rgb),.4)}#imageContainer{display:flex;height:fit-content;position:relative;width:fit-content}#image{max-height:var(--ntp-logo-height);max-width:100%}:host([doodle-boxed_]) #image{max-height:128px}#animation{height:100%;pointer-events:none;position:absolute;width:100%}#doodle{position:relative}#shareButton{background-color:var(--color-new-tab-page-doodle-share-button-background,none);border:none;height:32px;min-width:32px;padding:0;position:absolute;width:32px;bottom:0}:host-context([dir=ltr]) #shareButton{right:-40px}:host-context([dir=rtl]) #shareButton{left:-40px}#shareButtonIcon{width:18px;height:18px;margin:7px;vertical-align:bottom;mask-image:url(chrome://new-tab-page/icons/share_unfilled.svg);background-color:var(--color-new-tab-page-doodle-share-button-i
              Source: chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632637638.000050B4004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: @https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
              Source: chrome.exe, 00000019.00000002.1648511807.000050B40198C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Phttps://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
              Source: chrome.exe, 00000013.00000002.1499596145.00003DAC035C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639798589.000050B401424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
              Source: chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632637638.000050B4004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/: equals www.youtube.com (Youtube)
              Source: chrome.exe, 00000013.00000002.1499596145.00003DAC035C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639798589.000050B401424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca equals www.youtube.com (Youtube)
              Source: chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632637638.000050B4004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J equals www.youtube.com (Youtube)
              Source: chrome.exe, 00000013.00000002.1499596145.00003DAC035C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/feature=ytca equals www.youtube.com (Youtube)
              Source: chrome.exe, 00000013.00000002.1499111675.00003DAC034C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1504384393.00003DAC03C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1504797990.00003DAC03D14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html equals www.youtube.com (Youtube)
              Source: chrome.exe, 00000013.00000002.1499596145.00003DAC035C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639798589.000050B401424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com:443 equals www.youtube.com (Youtube)
              Source: global trafficDNS traffic detected: DNS query: bitbucket.org
              Source: global trafficDNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
              Source: global trafficDNS traffic detected: DNS query: unbinddas.digital
              Source: global trafficDNS traffic detected: DNS query: x1.i.lencr.org
              Source: global trafficDNS traffic detected: DNS query: www.google.com
              Source: global trafficDNS traffic detected: DNS query: ogads-pa.clients6.google.com
              Source: global trafficDNS traffic detected: DNS query: apis.google.com
              Source: global trafficDNS traffic detected: DNS query: play.google.com
              Source: unknownHTTP traffic detected: POST /qwez HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36Content-Length: 51Host: unbinddas.digital
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clients2.google.com/time/1/current
              Source: chrome.exe, 00000013.00000002.1495583094.00003DAC02D48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634466990.000050B4009C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=134
              Source: 77EC63BDA74BD0D0E0426DC8F80085060.3.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
              Source: chrome.exe, 00000019.00000002.1634807957.000050B400A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1630812230.000050B4000C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.chrome.com/docs/extensions/how-to/distribute/install-extensions)
              Source: chrome.exe, 00000013.00000002.1499147789.00003DAC034D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1638312731.000050B401194000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dns-tunnel-check.googlezip.net/connect
              Source: chrome.exe, 00000013.00000002.1491926968.00003DAC02390000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1630620172.000050B400080000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://google.com/
              Source: chrome.exe, 00000019.00000002.1631159948.000050B40013C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://redirector.gvt1.c
              Source: chrome.exe, 00000019.00000002.1637326193.000050B400F88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvNzI0QUFXNV9zT2RvdUw
              Source: chrome.exe, 00000013.00000002.1497761103.00003DAC0329C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1637127318.000050B400F0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://unisolated.invalid/
              Source: chromecache_177.20.drString found in binary or memory: http://www.broofa.com
              Source: chrome.exe, 00000013.00000002.1497908847.00003DAC032E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1637238074.000050B400F44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.gstatic.com/generate_204
              Source: 2D85F72862B55C4EADD9E66E06947F3D0.3.drString found in binary or memory: http://x1.i.lencr.org/
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://a-mo.net
              Source: chrome.exe, 00000013.00000002.1497617726.00003DAC03244000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org?q=
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/
              Source: chrome.exe, 00000013.00000002.1491155363.00003DAC02230000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1630574176.000050B400030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accountcapabilities-pa.googleapis.com/v1/accountcapabilities:batchGet
              Source: chrome.exe, 00000013.00000002.1495221036.00003DAC02C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1495221036.00003DAC02C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1504706486.00003DAC03CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1633920244.000050B400864000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1648454249.000050B40196C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1504706486.00003DAC03CE0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1648454249.000050B40196C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AccountChooser
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/AddSession
              Source: chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/GetCheckConnectionInfo
              Source: chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ListAccounts?json=standard
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Logout
              Source: chrome.exe, 00000013.00000003.1387856015.00003DAC0392C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Logout?source=ChromiumBrowser&continue=https://accounts.google.com/chrom
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/RotateBoundCookies
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/chrome/blank.html
              Source: chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/reauth/chromeos
              Source: chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/chrome/usermenu
              Source: chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/kidsignin/chromeos
              Source: chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/kidsignup/chromeos
              Source: chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/v2/chromeos
              Source: chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/setup/windows
              Source: chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/embedded/xreauth/chrome
              Source: chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/encryption/unlock/desktop
              Source: chrome.exe, 00000013.00000002.1491225537.00003DAC0225C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1630711277.000050B400088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
              Source: chrome.exe, 00000013.00000002.1491225537.00003DAC0225C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1630711277.000050B400088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxABata
              Source: chromecache_181.20.drString found in binary or memory: https://accounts.google.com/o/oauth2/auth
              Source: chromecache_181.20.drString found in binary or memory: https://accounts.google.com/o/oauth2/postmessageRelay
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1387856015.00003DAC0392C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/o/oauth2/revoke
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1387856015.00003DAC0392C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/oauth/multilogin
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/samlredirect
              Source: chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/signin/chrome/sync?ssp=1
              Source: chrome.exe, 00000013.00000002.1495221036.00003DAC02C30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1633920244.000050B400864000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com:443
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://acxiom.com
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://adroll.com
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://adsmeasurement.com
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://adtrafficquality.google
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://apex-football.com
              Source: chrome.exe, 00000019.00000002.1641817475.000050B401568000.00000004.00000800.00020000.00000000.sdmp, chromecache_181.20.dr, chromecache_177.20.drString found in binary or memory: https://apis.google.com
              Source: chrome.exe, 00000019.00000002.1639999953.000050B401474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1643300658.000050B4015A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.24R2mrw_td8.O/m=gapi_iframes
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://atomex.net
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://audienceproject.com
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000002.00000003.1204810917.0000000000D30000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000002.2384344117.00000000013FB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000003.1341806480.00000000013AB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000002.2384344117.00000000013AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000015.00000002.2385404049.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000015.00000002.2385404049.0000000001148000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aui-cdn.atlassian.com/
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000015.00000002.2385404049.0000000001148000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000002.1162020958.00000000008E2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000003.1157693823.00000000008E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-exp.prod-east.frontend.
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000003.1341806480.00000000013AB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000002.2384344117.00000000013AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000015.00000002.2385404049.00000000010B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000015.00000002.2385404049.0000000001148000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000015.00000002.2385404049.0000000001148000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000015.00000002.2385404049.0000000001148000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000003.1341599298.0000000001417000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000015.00000002.2385404049.0000000001148000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000003.1341599298.0000000001417000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000015.00000002.2385404049.0000000001148000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/;
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000003.1341599298.0000000001417000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000015.00000002.2385404049.0000000001148000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000003.1145497525.00000000008F3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000003.1155746125.00000000008F3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000002.1162020958.00000000008EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com/
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000002.1162020958.00000000008EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com/6544da31-4ffc-4ef7-929c-ad409ab2ef2f/downloads/21ffe1a0-863b-
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000003.1157146364.00000000008F7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000003.1155746125.00000000008F3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000002.1162020958.00000000008EF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bbuseruploads.s3.amazonaws.com/C
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://beaconmax.com
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000003.1157693823.00000000008CF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000002.1162020958.00000000008C8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000002.00000003.1207208537.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000002.00000002.2386804819.0000000000CE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000003.1341806480.00000000013AB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000002.2384344117.00000000013AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000002.2384344117.00000000013D1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000003.1341806480.00000000013D1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000015.00000002.2385404049.00000000010F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000003.1157693823.00000000008CF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000002.1162020958.00000000008C8000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000002.00000003.1207208537.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000002.00000002.2386804819.0000000000CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/G
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000002.2384344117.00000000013D1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000003.1341806480.00000000013D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/P
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000003.1157693823.00000000008CF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000002.1162020958.000000000087E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000002.1162020958.0000000000860000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000003.1157806496.00000000008B5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000002.1162020958.00000000008B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/fedormaximofgfdvdc/saxxxax/downloads/chicos.pdf
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000003.1145497525.0000000000932000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/fedormaximofgfdvdc/saxxxax/downloads/chicos.pdfB
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000003.1157806496.00000000008B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/fedormaximofgfdvdc/saxxxax/downloads/chicos.pdfH
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000015.00000002.2385404049.00000000010F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/fedormaximofgfdvdc/saxxxax/raw/797c0121c4fd45bacf2e3e7cf71b0a0e2229177b/sccccs
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000015.00000002.2385404049.00000000010F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/lZ
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000002.00000003.1207208537.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000002.00000002.2386804819.0000000000CE7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/ltKW
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000002.00000003.1207208537.0000000000CE6000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000002.00000002.2386804819.0000000000CE7000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000003.1341806480.00000000013AB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000002.2384344117.00000000013AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://bitbucket.org/rosoft
              Source: chrome.exe, 00000013.00000002.1496079928.00003DAC02E60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634888175.000050B400AA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/
              Source: chrome.exe, 00000013.00000003.1422331248.00003DAC02A6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1422201261.00003DAC0391C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1422419487.00003DAC0396C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1422283181.00003DAC0394C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1564195511.000050B4016C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1564044541.000050B4016A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1564094594.000050B4006AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1563955382.000050B401690000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://calendar.google.com
              Source: chrome.exe, 00000013.00000002.1499484422.00003DAC03584000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496815363.00003DAC03048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1497337274.00003DAC031B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1638409406.000050B4011E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1636604410.000050B400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635776838.000050B400C64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://calendar.google.com/calendar/u/0/r/eventedit?usp=chrome_actions
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000002.00000003.1204810917.0000000000D30000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000002.2384344117.00000000013FB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000003.1341806480.00000000013AB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000002.2384344117.00000000013AC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000015.00000002.2385404049.00000000010B2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000015.00000002.2385404049.0000000001148000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cookielaw.org/
              Source: chrome.exe, 00000013.00000002.1497617726.00003DAC03244000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: chrome.exe, 00000013.00000002.1497617726.00003DAC03244000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: chrome.exe, 00000013.00000002.1497617726.00003DAC03244000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: chrome.exe, 00000019.00000003.1539212355.000050B4015B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634425743.000050B40098C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634807957.000050B400A74000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
              Source: chrome.exe, 00000019.00000002.1625560488.000001D1E0517000.00000004.08000000.00040000.00000000.sdmp, chrome.exe, 00000019.00000002.1637201128.000050B400F34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1648566886.000050B4019AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
              Source: chrome.exe, 00000013.00000003.1421896318.00003DAC0362C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1391702012.00003DAC0363C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1539212355.000050B4015B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreLDDiscover
              Source: chrome.exe, 00000013.00000003.1422841138.00003DA80073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1423454783.00003DAC03EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565225497.000050B00073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565423094.000050B401B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymity-pa.googleapis.com/2%
              Source: chrome.exe, 00000013.00000003.1422841138.00003DA80073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1423454783.00003DAC03EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565225497.000050B00073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565423094.000050B401B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityauth-pa.googleapis.com/2$
              Source: chrome.exe, 00000013.00000003.1368914626.00003DA8005E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1526560828.000050B0005E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/
              Source: chrome.exe, 00000013.00000003.1422841138.00003DA80073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1423454783.00003DAC03EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565225497.000050B00073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565423094.000050B401B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromekanonymityquery-pa.googleapis.com/2O
              Source: chrome.exe, 00000013.00000002.1495434091.00003DAC02CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634160312.000050B400904000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromemodelexecution-pa.googleapis.com/v1:Execute?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNh
              Source: chrome.exe, 00000013.00000002.1495434091.00003DAC02CD0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634160312.000050B400904000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromemodelquality-pa.googleapis.com/v1:LogAiData?key=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNh
              Source: chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/events
              Source: chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
              Source: chrome.exe, 00000013.00000002.1491119372.00003DAC02214000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631416014.000050B4001A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
              Source: chrome.exe, 00000013.00000002.1496127069.00003DAC02E9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634948405.000050B400ADC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/category/extensions
              Source: chrome.exe, 00000013.00000002.1496127069.00003DAC02E9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634948405.000050B400ADC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/category/themes
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://classroom.googleapis.com/
              Source: chrome.exe, 00000013.00000003.1362968109.000049C8000DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1524915879.000076A0000DC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/cr/report
              Source: chrome.exe, 00000013.00000002.1491119372.00003DAC02214000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496231353.00003DAC02EAC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1495221036.00003DAC02C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1497761103.00003DAC0329C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496079928.00003DAC02E60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631416014.000050B4001A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1638524354.000050B401204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634257306.000050B400934000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1633920244.000050B400864000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634888175.000050B400AA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
              Source: chrome.exe, 00000013.00000002.1495516381.00003DAC02CF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634326142.000050B400961000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collection-images?rt=b
              Source: chrome.exe, 00000013.00000002.1495516381.00003DAC02CF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634326142.000050B400961000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/collections?rt=b
              Source: chrome.exe, 00000013.00000002.1495516381.00003DAC02CF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634326142.000050B400961000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients3.google.com/cast/chromecast/home/wallpaper/image?rt=b
              Source: chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync
              Source: chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients4.google.com/chrome-sync/event
              Source: chromecache_181.20.drString found in binary or memory: https://clients6.google.com
              Source: chrome.exe, 00000013.00000002.1495583094.00003DAC02D48000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634466990.000050B4009C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientservices.googleapis.com/chrome-variations/seed?osname=win&channel=stable&milestone=134
              Source: chromecache_181.20.drString found in binary or memory: https://content.googleapis.com
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://creative-serving.com
              Source: chrome.exe, 00000019.00000002.1632679611.000050B4004F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://csp.withgoogle.com/csp/report-to/gws/none
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dailymotion.com
              Source: chrome.exe, 00000013.00000002.1495221036.00003DAC02C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1633920244.000050B400864000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/
              Source: chrome.exe, 00000013.00000002.1498033169.00003DAC03324000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1499596145.00003DAC035C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639798589.000050B401424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640091067.000050B40149C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/
              Source: chrome.exe, 00000013.00000002.1497617726.00003DAC03244000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/:
              Source: chrome.exe, 00000013.00000002.1498033169.00003DAC03324000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1499147789.00003DAC034D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500240294.00003DAC03718000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1497582778.00003DAC03224000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640140241.000050B4014B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632637638.000050B4004E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640091067.000050B40149C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/?usp=installed_webapp
              Source: chrome.exe, 00000013.00000002.1497617726.00003DAC03244000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632637638.000050B4004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/J
              Source: chrome.exe, 00000013.00000003.1423454783.00003DAC03F40000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview
              Source: chrome.exe, 00000013.00000003.1422841138.00003DA80073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1423454783.00003DAC03EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565225497.000050B00073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565423094.000050B401B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/d/1z2sdBwnUF2tSlhl3R2iUlk7gvmSbuLVXOgriPIcJkXQ/preview2K
              Source: chrome.exe, 00000013.00000002.1497617726.00003DAC03244000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1504384393.00003DAC03C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1502298463.00003DAC038A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500168427.00003DAC03708000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639330877.000050B401348000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1648511807.000050B40198C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default
              Source: chrome.exe, 00000013.00000002.1500168427.00003DAC03708000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_default.com
              Source: chrome.exe, 00000013.00000002.1502298463.00003DAC038A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1648511807.000050B40198C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/installwebapp?usp=chrome_defaultult
              Source: chrome.exe, 00000013.00000002.1499484422.00003DAC03584000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496815363.00003DAC03048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1497337274.00003DAC031B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1638409406.000050B4011E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1636604410.000050B400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635776838.000050B400C64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/document/u/0/create?usp=chrome_actions
              Source: chrome.exe, 00000013.00000002.1499484422.00003DAC03584000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496815363.00003DAC03048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1497337274.00003DAC031B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1638409406.000050B4011E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1636604410.000050B400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635776838.000050B400C64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actions
              Source: chrome.exe, 00000019.00000002.1638409406.000050B4011E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/forms/u/0/create?usp=chrome_actionsmmercial
              Source: chrome.exe, 00000013.00000002.1499147789.00003DAC034D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1499596145.00003DAC035C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639798589.000050B401424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640091067.000050B40149C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/
              Source: chrome.exe, 00000013.00000002.1497099307.00003DAC03110000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632637638.000050B4004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/:
              Source: chrome.exe, 00000013.00000002.1499484422.00003DAC03584000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1391409999.00003DAC02A5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1493638830.00003DAC02A5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500168427.00003DAC03708000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632637638.000050B4004E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639330877.000050B401348000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webapp
              Source: chrome.exe, 00000013.00000003.1391409999.00003DAC02A5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1493638830.00003DAC02A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webappefault
              Source: chrome.exe, 00000013.00000002.1500168427.00003DAC03708000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webappp
              Source: chrome.exe, 00000013.00000003.1391409999.00003DAC02A5C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1493638830.00003DAC02A5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/?usp=installed_webappsageHandler
              Source: chrome.exe, 00000013.00000002.1497099307.00003DAC03110000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632637638.000050B4004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/J
              Source: chrome.exe, 00000019.00000002.1648511807.000050B40198C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/installwebapp?usp=chrome_default
              Source: chrome.exe, 00000019.00000002.1638409406.000050B4011E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1636604410.000050B400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635776838.000050B400C64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/presentation/u/0/create?usp=chrome_actions
              Source: chrome.exe, 00000013.00000002.1497938136.00003DAC032F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1499596145.00003DAC035C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639798589.000050B401424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640091067.000050B40149C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/
              Source: chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632637638.000050B4004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/:
              Source: chrome.exe, 00000013.00000002.1499111675.00003DAC034C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632637638.000050B4004E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639330877.000050B401348000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/?usp=installed_webapp
              Source: chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632637638.000050B4004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/J
              Source: chrome.exe, 00000013.00000002.1504384393.00003DAC03C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1504797990.00003DAC03D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632637638.000050B4004E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639330877.000050B401348000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1648511807.000050B40198C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/installwebapp?usp=chrome_default
              Source: chrome.exe, 00000013.00000002.1499484422.00003DAC03584000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496815363.00003DAC03048000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1497337274.00003DAC031B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1638409406.000050B4011E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1636604410.000050B400DDC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635776838.000050B400C64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actions
              Source: chrome.exe, 00000019.00000002.1638409406.000050B4011E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/spreadsheets/u/0/create?usp=chrome_actionsl
              Source: chromecache_181.20.drString found in binary or memory: https://domains.google.com/suggest/flow
              Source: chrome.exe, 00000013.00000002.1495221036.00003DAC02C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1633920244.000050B400864000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-4.corp.google.com/
              Source: chrome.exe, 00000013.00000002.1495221036.00003DAC02C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1633920244.000050B400864000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-5.corp.google.com/
              Source: chrome.exe, 00000013.00000002.1495221036.00003DAC02C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1633920244.000050B400864000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-daily-6.corp.google.com/
              Source: chrome.exe, 00000013.00000002.1495221036.00003DAC02C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1633920244.000050B400864000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-preprod.corp.google.com/
              Source: chrome.exe, 00000013.00000002.1495221036.00003DAC02C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1633920244.000050B400864000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive-staging.corp.google.com/
              Source: chrome.exe, 00000013.00000002.1497938136.00003DAC032F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1499596145.00003DAC035C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1495221036.00003DAC02C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639798589.000050B401424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1633920244.000050B400864000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640091067.000050B40149C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
              Source: chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/:
              Source: chrome.exe, 00000013.00000002.1497938136.00003DAC032F4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1499596145.00003DAC035C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639798589.000050B401424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640091067.000050B40149C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/?lfhs=2
              Source: chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/J
              Source: chrome.exe, 00000013.00000002.1497862618.00003DAC032C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1504384393.00003DAC03C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1504797990.00003DAC03D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500168427.00003DAC03708000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1637127318.000050B400F24000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639330877.000050B401348000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1648511807.000050B40198C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/drive/installwebapp?usp=chrome_default
              Source: chrome.exe, 00000019.00000002.1639798589.000050B401424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/lfhs=2
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000002.00000003.1204810917.0000000000D30000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000002.2384344117.00000000013FB000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000015.00000002.2385404049.0000000001148000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ds-cdn.prod-east.frontend.public.atl-paas.net
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000002.00000003.1204810917.0000000000D30000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000003.1341688890.000000000140E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000003.1341786273.0000000001411000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dz8aopenkvv6s.cloudfront.net
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://eloan.co.jp
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://explorefledge.com
              Source: chrome.exe, 00000013.00000003.1391236236.00003DAC039BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1391555868.00003DAC03AB0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1390674709.00003DAC03A58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1555314872.000050B4017BC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1555421062.000050B40182C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1555523837.000050B401728000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fonts.google.com/icons?selected=Material
              Source: chromecache_177.20.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey200-36dp/2x/gm_alert_gm_grey200_3
              Source: chromecache_177.20.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/alert/v11/gm_grey600-36dp/2x/gm_alert_gm_grey600_3
              Source: chromecache_177.20.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey200-24dp/1x/gm_close_gm_grey200_2
              Source: chromecache_177.20.drString found in binary or memory: https://fonts.gstatic.com/s/i/googlematerialicons/close/v19/gm_grey600-24dp/1x/gm_close_gm_grey600_2
              Source: chrome.exe, 00000013.00000002.1497617726.00003DAC03244000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/app?q=
              Source: chrome.exe, 00000013.00000003.1422841138.00003DA80073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1423454783.00003DAC03EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565225497.000050B00073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565423094.000050B401B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/glic/intro?20
              Source: chrome.exe, 00000013.00000003.1422841138.00003DA80073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565225497.000050B00073C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/glic2
              Source: chrome.exe, 00000013.00000003.1423454783.00003DAC03EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565423094.000050B401B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gemini.google.com/glicbm
              Source: chrome.exe, 00000019.00000003.1526560828.000050B0005E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/
              Source: chrome.exe, 00000013.00000003.1368914626.00003DA8005E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1526560828.000050B0005E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com//c
              Source: chrome.exe, 00000013.00000003.1422841138.00003DA80073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1423454783.00003DAC03EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565225497.000050B00073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565423094.000050B401B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-join.fastly-edge.com/2J
              Source: chrome.exe, 00000013.00000003.1368914626.00003DA8005E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1526560828.000050B0005E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/
              Source: chrome.exe, 00000013.00000003.1422841138.00003DA80073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1423454783.00003DAC03EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565225497.000050B00073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565423094.000050B401B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/2P
              Source: chrome.exe, 00000013.00000003.1368914626.00003DA8005E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1526560828.000050B0005E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/
              Source: chrome.exe, 00000013.00000003.1368914626.00003DA8005E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1526560828.000050B0005E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Ena
              Source: chrome.exe, 00000013.00000003.1368914626.00003DA8005E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1526560828.000050B0005E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/Pre
              Source: chrome.exe, 00000019.00000003.1526560828.000050B0005E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google-ohttp-relay-query.fastly-edge.com/https://chromekanonymityquery-pa.googleapis.com/htt
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1491085630.00003DAC02204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1630493488.000050B400004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
              Source: chrome.exe, 00000013.00000002.1495802718.00003DAC02DE4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634729008.000050B400A4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://googleusercontent.com/
              Source: chrome.exe, 00000013.00000003.1423315906.00003DAC0414C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1422841138.00003DA80073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1423454783.00003DAC03EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565142783.000050B401D90000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565225497.000050B00073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565423094.000050B401B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://goto.google.com/sme-bugs2e
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gunosy.com
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ingereck.net
              Source: chrome.exe, 00000013.00000002.1496978436.00003DAC03090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1499964245.00003DAC03694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1497694538.00003DAC03268000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1636839687.000050B400E58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635973805.000050B400CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1648287090.000050B401930000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://keep.google.com/u/0/?usp=chrome_actions#NEWNOTE
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://kompaspublishing.nl
              Source: chrome.exe, 00000019.00000002.1632881323.000050B400554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1564689549.000050B401708000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://labs.google.com/search?source=ntp
              Source: chrome.exe, 00000013.00000003.1422331248.00003DAC02A6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1422419487.00003DAC0396C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1564195511.000050B4016C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1564094594.000050B4006AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lens.google.com/gen204
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000003.1157693823.00000000008CF000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000002.1162020958.00000000008C8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.comr
              Source: chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://m.google.com/devicemanagement/data/api
              Source: chrome.exe, 00000013.00000002.1499147789.00003DAC034D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1499596145.00003DAC035C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639798589.000050B401424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640091067.000050B40149C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/
              Source: chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/:
              Source: chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/J
              Source: chrome.exe, 00000019.00000002.1648154880.000050B401900000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1648511807.000050B40198C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/chat/download?usp=chrome_default
              Source: chrome.exe, 00000013.00000002.1499147789.00003DAC034D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1499596145.00003DAC035C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639798589.000050B401424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640091067.000050B40149C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/
              Source: chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632637638.000050B4004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/:
              Source: chrome.exe, 00000019.00000002.1632881323.000050B400554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1564689549.000050B401708000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?tab=rm&amp;ogbl
              Source: chrome.exe, 00000013.00000002.1499147789.00003DAC034D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1498993234.00003DAC03474000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496079928.00003DAC02E60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640140241.000050B4014B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632637638.000050B4004E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640091067.000050B40149C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?usp=installed_webapp
              Source: chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632637638.000050B4004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/J
              Source: chrome.exe, 00000013.00000002.1499596145.00003DAC035C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639798589.000050B401424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/ebapp
              Source: chrome.exe, 00000013.00000002.1499484422.00003DAC03584000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1504384393.00003DAC03C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1504797990.00003DAC03D14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632637638.000050B4004E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639330877.000050B401348000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1648511807.000050B40198C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_default
              Source: chrome.exe, 00000013.00000002.1504384393.00003DAC03C70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/installwebapp?usp=chrome_defaultdefault
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://metro.co.uk
              Source: chrome.exe, 00000013.00000002.1496631112.00003DAC02FA8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1499925108.00003DAC03678000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1638936317.000050B4012CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635495823.000050B400BA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/?utm_source=ga-chrome-actions&utm_medium=manageGA
              Source: chrome.exe, 00000013.00000002.1498140095.00003DAC0337B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1497286202.00003DAC03184000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496544098.00003DAC02F60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1636705280.000050B400E04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1637679003.000050B401014000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635495823.000050B400BA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacy
              Source: chrome.exe, 00000013.00000002.1498140095.00003DAC0337B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/data-and-privacy?utm_source=ga-chrome-actions&utm_medium=managePrivacya
              Source: chrome.exe, 00000013.00000002.1498140095.00003DAC0337B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1497286202.00003DAC03184000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496544098.00003DAC02F60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1636705280.000050B400E04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1637679003.000050B401014000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635495823.000050B400BA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/find-your-phone?utm_source=ga-chrome-actions&utm_medium=findYourPhone
              Source: chrome.exe, 00000019.00000003.1527014132.000050B00065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome
              Source: chrome.exe, 00000013.00000003.1422841138.00003DA80073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1423454783.00003DAC03EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565225497.000050B00073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565423094.000050B401B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/shielded-email?utm_source=chrome2B
              Source: chrome.exe, 00000013.00000002.1498140095.00003DAC0337B000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1497286202.00003DAC03184000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496544098.00003DAC02F60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1636705280.000050B400E04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640482848.000050B401504000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635495823.000050B400BA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myaccount.google.com/signinoptions/password?utm_source=ga-chrome-actions&utm_medium=changePW
              Source: chrome.exe, 00000013.00000002.1497099307.00003DAC03110000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1387728161.00003DAC0364C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1493508468.00003DAC027D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1636182704.000050B400D3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1539659511.000050B401294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://myactivity.google.com/
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nexxen.tech
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/
              Source: chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oauthaccountmanager.googleapis.com/v1/issuetoken
              Source: chrome.exe, 00000019.00000002.1641817475.000050B401568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogads-pa.clients6.google.com
              Source: chrome.exe, 00000019.00000002.1648566886.000050B4019AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com
              Source: chrome.exe, 00000019.00000002.1641817475.000050B401568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/app/so?eom=1
              Source: chrome.exe, 00000019.00000002.1641817475.000050B401568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ogs.google.com/widget/callout?eom=1
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://open-bid.com
              Source: chrome.exe, 00000013.00000002.1500670762.00003DAC037A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500539231.00003DAC03791000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1499344064.00003DAC0353C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500626478.00003DAC0379C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1630893867.000050B4000DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639536536.000050B4013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640177591.000050B4014C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1638224541.000050B401174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639962672.000050B401468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
              Source: chrome.exe, 00000013.00000002.1500670762.00003DAC037A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500539231.00003DAC03791000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1501847885.00003DAC03844000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1499344064.00003DAC0353C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500626478.00003DAC0379C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639536536.000050B4013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1638224541.000050B401174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639962672.000050B401468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAG
              Source: chrome.exe, 00000013.00000002.1500741076.00003DAC037B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500539231.00003DAC03791000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1501847885.00003DAC03844000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1499344064.00003DAC0353C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500626478.00003DAC0379C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639536536.000050B4013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640177591.000050B4014C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640225784.000050B4014D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1638224541.000050B401174000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1679317318&target=OPTIMIZATION_TARGET_LAN
              Source: chrome.exe, 00000013.00000002.1500670762.00003DAC037A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500539231.00003DAC03791000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1501847885.00003DAC03844000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500626478.00003DAC0379C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639536536.000050B4013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640177591.000050B4014C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639962672.000050B401468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049402&target=OPTIMIZATION_TARGET_GEO
              Source: chrome.exe, 00000013.00000002.1500670762.00003DAC037A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500539231.00003DAC03791000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1501847885.00003DAC03844000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1499344064.00003DAC0353C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500626478.00003DAC0379C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639536536.000050B4013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1638224541.000050B401174000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639962672.000050B401468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695049414&target=OPTIMIZATION_TARGET_NOT
              Source: chrome.exe, 00000013.00000002.1500539231.00003DAC03791000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1499344064.00003DAC0353C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500626478.00003DAC0379C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639536536.000050B4013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1638224541.000050B401174000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1695051229&target=OPTIMIZATION_TARGET_PAG
              Source: chrome.exe, 00000013.00000002.1500741076.00003DAC037B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1501847885.00003DAC03844000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500789045.00003DAC037C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1386666426.00003DAC02EF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640177591.000050B4014C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640225784.000050B4014D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640290171.000050B4014E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1696267841&target=OPTIMIZATION_TARGET_OMN
              Source: chrome.exe, 00000013.00000002.1500741076.00003DAC037B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1501847885.00003DAC03844000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1499344064.00003DAC0353C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500789045.00003DAC037C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640177591.000050B4014C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640225784.000050B4014D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1638224541.000050B401174000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1728324084&target=OPTIMIZATION_TARGET_OMN
              Source: chrome.exe, 00000013.00000002.1500741076.00003DAC037B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1501847885.00003DAC03844000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1499344064.00003DAC0353C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500789045.00003DAC037C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640177591.000050B4014C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640225784.000050B4014D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1638224541.000050B401174000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1739808228&target=OPTIMIZATION_TARGET_GEO
              Source: chrome.exe, 00000013.00000002.1500741076.00003DAC037B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1501847885.00003DAC03844000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1499344064.00003DAC0353C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640177591.000050B4014C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640225784.000050B4014D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1638224541.000050B401174000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1739808249&target=OPTIMIZATION_TARGET_NOT
              Source: chrome.exe, 00000013.00000002.1500741076.00003DAC037B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500817681.00003DAC037CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1501847885.00003DAC03844000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500789045.00003DAC037C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1386666426.00003DAC02EF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640177591.000050B4014C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640225784.000050B4014D4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640290171.000050B4014E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=1739894676&target=OPTIMIZATION_TARGET_CLI
              Source: chrome.exe, 00000013.00000002.1500670762.00003DAC037A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500741076.00003DAC037B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1501847885.00003DAC03844000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500626478.00003DAC0379C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639536536.000050B4013AC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640177591.000050B4014C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=210230727&target=OPTIMIZATION_TARGET_CLIE
              Source: chrome.exe, 00000013.00000002.1500741076.00003DAC037B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500817681.00003DAC037CC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1501847885.00003DAC03844000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1499344064.00003DAC0353C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500789045.00003DAC037C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1386666426.00003DAC02EF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640177591.000050B4014C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640290171.000050B4014E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1638224541.000050B401174000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=240731042075&target=OPTIMIZATION_TARGET_S
              Source: chrome.exe, 00000013.00000002.1500741076.00003DAC037B4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1509139590.00003DAC04368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500789045.00003DAC037C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640177591.000050B4014C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640225784.000050B4014D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/downloads?name=5&target=OPTIMIZATION_TARGET_PAGE_TOPICS_
              Source: chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://optimizationguide-pa.googleapis.com/v1:GetHints
              Source: chrome.exe, 00000013.00000003.1422331248.00003DAC02A6C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1422419487.00003DAC0396C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1422283181.00003DAC0394C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1564195511.000050B4016C0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1564044541.000050B4016A0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1564094594.000050B4006AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.office.com/calendar/
              Source: chrome.exe, 00000013.00000002.1496079928.00003DAC02E60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634888175.000050B400AA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://passwords.google/
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://people.googleapis.com/
              Source: chromecache_177.20.drString found in binary or memory: https://play.google.com/log?format=json&hasfast=true
              Source: chrome.exe, 00000019.00000002.1626310076.000001D1E0AE7000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://play.google.com/log?format=json&hasfast=trueation
              Source: chromecache_181.20.drString found in binary or memory: https://plus.google.com
              Source: chromecache_181.20.drString found in binary or memory: https://plus.googleapis.com
              Source: chrome.exe, 00000013.00000002.1497099307.00003DAC03110000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1387728161.00003DAC0364C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1493508468.00003DAC027D0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1636182704.000050B400D3C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1539659511.000050B401294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://policies.google.com/
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://postrelease.com
              Source: chrome.exe, 00000013.00000002.1495221036.00003DAC02C70000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634057433.000050B4008C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.aws.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
              Source: chrome.exe, 00000019.00000002.1634057433.000050B4008C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://publickeyservice.pa.gcp.privacysandboxservices.com/.well-known/protected-auction/v1/public-k
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000003.1341599298.0000000001417000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000015.00000002.2385404049.0000000001148000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.prod-east.frontend.public.atl-paas.net
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000003.1341599298.0000000001417000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000015.00000002.2385404049.0000000001148000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://remote-app-switcher.stg-east.frontend.public.atl-paas.net
              Source: chrome.exe, 00000013.00000002.1491589129.00003DAC022DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1633067719.000050B4005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.google.com/safebrowsing/clientreport/chrome-sct-auditing
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://samplicio.us
              Source: chrome.exe, 00000013.00000002.1491589129.00003DAC022DC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1630711277.000050B400088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sctauditing-pa.googleapis.com/v1/knownscts/length/$1/prefix/$2?key=AIzaSyA2KlwBX3mkFo30om9LU
              Source: chrome.exe, 00000013.00000002.1497908847.00003DAC032E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1637201128.000050B400F34000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://securitydomain-pa.googleapis.com/v1/
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://semafor.com
              Source: chrome.exe, 00000013.00000003.1422841138.00003DA80073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1423454783.00003DAC03EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565225497.000050B00073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565423094.000050B401B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shieldedids-pa.googleapis.comb
              Source: chrome.exe, 00000013.00000002.1496978436.00003DAC03090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1499964245.00003DAC03694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1497694538.00003DAC03268000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1636839687.000050B400E58000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635973805.000050B400CC0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1648287090.000050B401930000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sites.google.com/u/0/create?usp=chrome_actions
              Source: chrome.exe, 00000019.00000002.1632881323.000050B400554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1564689549.000050B401708000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com/gb/images/bar/al-icon.png
              Source: chrome.exe, 00000013.00000002.1493723929.00003DAC02AB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1633628427.000050B400714000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome?p=desktop_tab_groups
              Source: chrome.exe, 00000013.00000002.1497908847.00003DAC032E8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1637238074.000050B400F44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t0.gstatic.com/faviconV2
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://taboola.com
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tasks.googleapis.com/
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://torneos.gg
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tya-dev.com
              Source: RegSvcs.exe, 00000012.00000002.2387430434.0000000000FF4000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000018.00000002.2389348382.0000000001716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unbinddas.digital/
              Source: RegSvcs.exe, 00000012.00000002.2387430434.0000000000FF4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unbinddas.digital/0
              Source: RegAsm.exe, 00000018.00000002.2389348382.0000000001716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unbinddas.digital/PR
              Source: RegAsm.exe, 00000007.00000002.2389108194.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unbinddas.digital/S_3
              Source: RegAsm.exe, 00000018.00000002.2389348382.0000000001716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unbinddas.digital/W
              Source: RegAsm.exe, 00000007.00000002.2389108194.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unbinddas.digital/h=S
              Source: RegAsm.exe, 00000018.00000002.2388948832.0000000001709000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unbinddas.digital/qwez
              Source: RegSvcs.exe, 00000012.00000002.2388496434.0000000001053000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unbinddas.digital/qwezA
              Source: RegAsm.exe, 00000018.00000002.2388948832.0000000001709000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unbinddas.digital/qwezI
              Source: RegAsm.exe, 00000007.00000002.2388895214.0000000000C8D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unbinddas.digital/qwezM
              Source: RegAsm.exe, 00000018.00000002.2388948832.0000000001709000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unbinddas.digital/qwezOv
              Source: RegAsm.exe, 00000018.00000002.2388948832.0000000001709000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unbinddas.digital/qwezV
              Source: RegAsm.exe, 00000007.00000002.2389108194.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unbinddas.digital/s=
              Source: RegAsm.exe, 00000018.00000002.2389348382.0000000001716000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unbinddas.digital/sers
              Source: RegAsm.exe, 00000007.00000002.2389108194.0000000000CA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unbinddas.digital/t
              Source: RegSvcs.exe, 00000012.00000002.2387430434.0000000000FF4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unbinddas.digital/x
              Source: RegSvcs.exe, 00000012.00000002.2386209407.0000000000FD5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unbinddas.digital:443/qwez
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000003.1145497525.0000000000932000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000003.1145497525.00000000008EC000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000003.1145497525.00000000008F3000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000002.00000003.1205439450.0000000000D39000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000002.00000003.1204810917.0000000000D30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000002.00000003.1205439450.0000000000D39000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000002.00000003.1204810917.0000000000D30000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web-security-reports.services.atlassian.com/csp-report/bb-website$
              Source: chromecache_181.20.drString found in binary or memory: https://workspace.google.com/:session_prefix:marketplace/appfinder?usegapi=1
              Source: ReaderMessages.1.drString found in binary or memory: https://www.adobe.co
              Source: chrome.exe, 00000013.00000002.1497617726.00003DAC03244000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/v20Y&
              Source: chrome.exe, 00000019.00000003.1539212355.000050B4015B0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634807957.000050B400A74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1539659511.000050B401294000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
              Source: chrome.exe, 00000013.00000002.1499964245.00003DAC03694000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1647994351.000050B4018C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/ddljson?async=ntp:2
              Source: chrome.exe, 00000013.00000002.1503507895.00003DAC03B7C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1648566886.000050B4019AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/async/newtab_promos
              Source: chrome.exe, 00000013.00000002.1496079928.00003DAC02E60000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634888175.000050B400AA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/#safe
              Source: chrome.exe, 00000013.00000002.1496127069.00003DAC02E9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634948405.000050B400ADC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/browser-features/
              Source: chrome.exe, 00000013.00000002.1496127069.00003DAC02E9C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634948405.000050B400ADC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/browser-tools/
              Source: chrome.exe, 00000013.00000003.1422841138.00003DA80073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565225497.000050B00073C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/go-mobile/?ios-campaign=desktop-chr-ntp&android-campaign=desktop-chr-n
              Source: chrome.exe, 00000013.00000002.1504079384.00003DAC03C14000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1497386185.00003DAC031C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496978436.00003DAC03090000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639798589.000050B401424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1636793603.000050B400E44000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635659674.000050B400C20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/chrome/tips/
              Source: chrome.exe, 00000013.00000002.1493076656.00003DAC026E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1497617726.00003DAC03244000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1491898842.00003DAC02384000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1493723929.00003DAC02AB8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1495516381.00003DAC02CF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1500168427.00003DAC03708000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634326142.000050B400961000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1633696508.000050B400794000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631348432.000050B40018C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1643769704.000050B401604000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1633628427.000050B400714000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_alldp.ico
              Source: chrome.exe, 00000019.00000002.1632881323.000050B400554000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1564689549.000050B401708000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/imghp?hl=en&amp;tab=ri&amp;ogbl
              Source: chrome.exe, 00000019.00000002.1641817475.000050B401568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/intl/en/about/products?tab=rh
              Source: chrome.exe, 00000013.00000003.1422841138.00003DA80073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565225497.000050B00073C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
              Source: chrome.exe, 00000019.00000002.1626454414.000001D1E0B1D000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.google.com/speech-api/v2/synthesize?enc=mpeg&client=chromium
              Source: chrome.exe, 00000013.00000002.1494991554.00003DAC02B74000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1633067719.000050B4005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit
              Source: chrome.exe, 00000019.00000002.1633067719.000050B4005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/tools/feedback/chrome/__submit7E
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/
              Source: chromecache_181.20.drString found in binary or memory: https://www.googleapis.com/auth/plus.me
              Source: chromecache_181.20.drString found in binary or memory: https://www.googleapis.com/auth/plus.people.recommended
              Source: chrome.exe, 00000013.00000003.1369428396.00003DA80065C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1527014132.000050B00065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager
              Source: chrome.exe, 00000013.00000003.1422841138.00003DA80073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1423454783.00003DAC03EE8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565225497.000050B00073C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1565423094.000050B401B2C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.manager2
              Source: chrome.exe, 00000013.00000003.1369428396.00003DA80065C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1527014132.000050B00065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.managerForcedOn_PlusAddressAndroidOpenGmsCoreManagementP
              Source: chrome.exe, 00000013.00000003.1369428396.00003DA80065C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1527014132.000050B00065C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/auth/shieldedids.managerPlusAddressOfferCreationIfPasswordFieldIsNotVisib
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v1/userinfo
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v2/tokeninfo
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/oauth2/v4/token
              Source: chrome.exe, 00000013.00000002.1492674067.00003DAC02404000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1387856015.00003DAC0392C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631758075.000050B400204000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/reauth/v1beta/users/
              Source: chrome.exe, 00000019.00000002.1630711277.000050B400088000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634425743.000050B40098C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/chrome/intelligence/assist/ranker/models/translate/2017/03/translate_ranker_
              Source: chromecache_177.20.drString found in binary or memory: https://www.gstatic.com/gb/html/afbp.html
              Source: chromecache_177.20.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_medium.css
              Source: chromecache_177.20.drString found in binary or memory: https://www.gstatic.com/images/icons/material/anim/mspin/mspin_googcolor_small.css
              Source: chrome.exe, 00000019.00000003.1564578066.000050B401ACC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/1x/broken_image_grey600_18dp.png
              Source: chrome.exe, 00000013.00000002.1506198385.00003DAC03E04000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1422600753.00003DAC03A30000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1422947951.00003DAC03E64000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1422629911.00003DAC03D98000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1564619247.000050B401AD4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1555182422.000050B4017A8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1564526447.000050B401A34000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1564834971.000050B401ABC000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1649161743.000050B401A84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1564578066.000050B401ACC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/images/icons/material/system/2x/broken_image_grey600_18dp.png
              Source: chrome.exe, 00000019.00000002.1641817475.000050B401568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/js/k=og.qtm.en_US.jqdIqvbJp8E.2019.O/rt=j/m=q_dnp
              Source: chrome.exe, 00000019.00000002.1641817475.000050B401568000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/og/_/ss/k=og.qtm.9A4Zhe6nQ4Q.L.W.O/m=qmd
              Source: chrome.exe, 00000013.00000002.1499596145.00003DAC035C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639798589.000050B401424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640091067.000050B40149C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
              Source: chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632637638.000050B4004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/:
              Source: chrome.exe, 00000013.00000002.1499596145.00003DAC035C4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1492712313.00003DAC02430000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639798589.000050B401424000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632637638.000050B4004E0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1640091067.000050B40149C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/?feature=ytca
              Source: chrome.exe, 00000013.00000002.1496592322.00003DAC02F8C000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632637638.000050B4004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/J
              Source: chrome.exe, 00000013.00000002.1499596145.00003DAC035C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/feature=ytca
              Source: chrome.exe, 00000019.00000002.1648511807.000050B40198C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/s/notifications/manifest/cr_install.html
              Source: chrome.exe, 00000019.00000002.1637430294.000050B400FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yieldlab.net
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
              Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
              Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49686 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
              Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
              Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
              Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49693
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
              Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49686
              Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49685
              Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49684
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49683
              Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
              Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
              Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49672
              Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49683 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
              Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
              Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49685 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
              Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
              Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
              Source: unknownNetwork traffic detected: HTTP traffic on port 49693 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49684 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
              Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
              Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
              Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
              Source: unknownHTTPS traffic detected: 104.192.142.25:443 -> 192.168.2.9:49683 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 52.216.29.196:443 -> 192.168.2.9:49684 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.192.142.25:443 -> 192.168.2.9:49685 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49686 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49693 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49701 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49704 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.192.142.25:443 -> 192.168.2.9:49709 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49710 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49711 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49712 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49713 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.192.142.24:443 -> 192.168.2.9:49729 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49732 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49740 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49741 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49742 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49743 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49744 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49758 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49760 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49768 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49769 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49770 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49771 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49772 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49773 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.172.163:443 -> 192.168.2.9:49775 version: TLS 1.2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00440FC0 OpenClipboard,GetClipboardData,GlobalLock,GetWindowRect,GlobalUnlock,CloseClipboard,7_2_00440FC0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_02D21000 EntryPoint,GetClipboardSequenceNumber,Sleep,Sleep,OpenClipboard,GetClipboardData,GlobalLock,GetClipboardSequenceNumber,GlobalAlloc,GlobalLock,GetClipboardSequenceNumber,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,GlobalUnlock,GetClipboardSequenceNumber,Sleep,CloseClipboard,GetClipboardSequenceNumber,7_2_02D21000
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 18_2_03381000 Sleep,OpenClipboard,GetClipboardData,GlobalLock,GlobalAlloc,GlobalLock,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,GlobalUnlock,CloseClipboard,18_2_03381000
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 24_2_038F1000 Sleep,OpenClipboard,GetClipboardData,GlobalLock,GlobalAlloc,GlobalLock,GlobalUnlock,EmptyClipboard,SetClipboardData,GlobalFree,GlobalUnlock,CloseClipboard,24_2_038F1000
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00440FC0 OpenClipboard,GetClipboardData,GlobalLock,GetWindowRect,GlobalUnlock,CloseClipboard,7_2_00440FC0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00441605 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SelectObject,DeleteDC,ReleaseDC,DeleteObject,7_2_00441605
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_004065100_2_00406510
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_00406A000_2_00406A00
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_0044A0100_2_0044A010
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_004583A80_2_004583A8
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_004475DE0_2_004475DE
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_004415B50_2_004415B5
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_004518E40_2_004518E4
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_00456A2B0_2_00456A2B
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_00442E200_2_00442E20
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_00404F300_2_00404F30
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 2_2_000A20F02_2_000A20F0
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 2_2_000A65102_2_000A6510
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 2_2_000A6A002_2_000A6A00
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 2_2_000A4F302_2_000A4F30
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 2_2_000EA0102_2_000EA010
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 2_2_000F83A82_2_000F83A8
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 2_2_000E15B52_2_000E15B5
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 2_2_000E75DE2_2_000E75DE
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 2_2_000F18E42_2_000F18E4
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 2_2_000F6A2B2_2_000F6A2B
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 2_2_000E2E202_2_000E2E20
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004300007_2_00430000
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0042C1667_2_0042C166
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0040D97E7_2_0040D97E
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0040B2707_2_0040B270
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0041234F7_2_0041234F
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004514907_2_00451490
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004375457_2_00437545
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00437D657_2_00437D65
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004205D07_2_004205D0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0041A5AB7_2_0041A5AB
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004195B07_2_004195B0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004286307_2_00428630
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004167507_2_00416750
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004157B27_2_004157B2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004130017_2_00413001
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004330007_2_00433000
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004450007_2_00445000
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0043F0C87_2_0043F0C8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004040827_2_00404082
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004378977_2_00437897
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004510907_2_00451090
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004088A07_2_004088A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004139407_2_00413940
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004231447_2_00423144
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0043996C7_2_0043996C
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004399727_2_00439972
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0041B9087_2_0041B908
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004249107_2_00424910
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0041E9DB7_2_0041E9DB
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0040FA107_2_0040FA10
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00434A1F7_2_00434A1F
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0041D28E7_2_0041D28E
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00425A907_2_00425A90
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00414B637_2_00414B63
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0043B3707_2_0043B370
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0041E3207_2_0041E320
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004133347_2_00413334
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0041DBCF7_2_0041DBCF
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0041E9DB7_2_0041E9DB
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004023807_2_00402380
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004143817_2_00414381
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0042D3827_2_0042D382
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004083907_2_00408390
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0041CB9C7_2_0041CB9C
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00433C547_2_00433C54
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0042247F7_2_0042247F
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00438C027_2_00438C02
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00409C107_2_00409C10
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0043DC267_2_0043DC26
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00410CC67_2_00410CC6
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0043E4E07_2_0043E4E0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0041E4E57_2_0041E4E5
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0043BC897_2_0043BC89
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004274917_2_00427491
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0041FC9A7_2_0041FC9A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004455407_2_00445540
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00422D6C7_2_00422D6C
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004295707_2_00429570
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00440D107_2_00440D10
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004335E07_2_004335E0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0040E5F07_2_0040E5F0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00423D827_2_00423D82
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0040C5907_2_0040C590
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0043859A7_2_0043859A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0043FE717_2_0043FE71
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00433E767_2_00433E76
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00402E007_2_00402E00
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00411E0F7_2_00411E0F
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00415E107_2_00415E10
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0041C6167_2_0041C616
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00408E307_2_00408E30
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00430E347_2_00430E34
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0040E6C07_2_0040E6C0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00438ECD7_2_00438ECD
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0040BEE07_2_0040BEE0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004076A07_2_004076A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0043C75F7_2_0043C75F
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_00428F107_2_00428F10
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0043BFC17_2_0043BFC1
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0041E7D47_2_0041E7D4
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004367807_2_00436780
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004307947_2_00430794
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004037A07_2_004037A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004457A07_2_004457A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_004407A07_2_004407A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_02D211E07_2_02D211E0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 18_2_0044602018_2_00446020
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 18_2_0044900018_2_00449000
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 18_2_0044F2AD18_2_0044F2AD
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 18_2_0044CB4218_2_0044CB42
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 18_2_0044C2E418_2_0044C2E4
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 18_2_033811E018_2_033811E0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 24_2_004508A024_2_004508A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 24_2_0044D03C24_2_0044D03C
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 24_2_0044DD3724_2_0044DD37
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 24_2_0044AA5324_2_0044AA53
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 24_2_038F11E024_2_038F11E0
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: String function: 000E1930 appears 47 times
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: String function: 00441930 appears 46 times
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 004195A0 appears 88 times
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: String function: 0040AC50 appears 59 times
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@61/65@24/12
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 7_2_0043F0C8 CoCreateInstance,7_2_0043F0C8
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\QI6Y9C7H\chicos[1].pdfJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMutant created: \Sessions\1\BaseNamedObjects\AutoStartupInstanceMutex
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeFile created: C:\Users\user\AppData\Local\Temp\chicos.pdfJump to behavior
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: chrome.exe, 00000013.00000002.1495146967.00003DAC02C10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632881323.000050B400554000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(metric_value) FROM metrics WHERE metrics.metric_hash = 'CE71BF280B4EB4B5' AND metrics.metric_value > 45;
              Source: chrome.exe, 00000013.00000002.1495146967.00003DAC02C10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632881323.000050B400554000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '756F6A466879157E';
              Source: chrome.exe, 00000013.00000002.1499762453.00003DAC0361D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1386666426.00003DAC02EF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1492023254.00003DAC023B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639414449.000050B401368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1631083915.000050B400112000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(DISTINCT CAST((event_timestamp / 1000000 / 60 / 10) AS int)) FROM metrics WHERE metrics.metric_hash = 'AD411B741D0DA012' AND metrics.metric_value > 0;
              Source: chrome.exe, 00000013.00000002.1495146967.00003DAC02C2A000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1635409914.000050B400B84000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE psl_extensions (domain VARCHAR NOT NULL, UNIQUE (domain));
              Source: chrome.exe, 00000013.00000002.1495146967.00003DAC02C10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632881323.000050B400554000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(metric_value) FROM metrics WHERE metrics.metric_hash = 'CE71BF280B4EB4B5' AND metrics.metric_value > 120;
              Source: chrome.exe, 00000013.00000002.1499762453.00003DAC0361D000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1386666426.00003DAC02EF4000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1492023254.00003DAC023B8000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639414449.000050B401368000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1634856289.000050B400A94000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(DISTINCT CAST((event_timestamp / 1000000 / 60 / 10) AS int)) FROM metrics WHERE metrics.metric_hash = 'B4CFE8741404B691' AND metrics.metric_value > 0;
              Source: chrome.exe, 00000013.00000002.1495146967.00003DAC02C10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632881323.000050B400554000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '19E16122849E343B';
              Source: chrome.exe, 00000013.00000002.1499484422.00003DAC03584000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1639414449.000050B401368000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT COUNT(id) FROM metrics WHERE metrics.metric_hash = '64BD7CCE5A95BF00';
              Source: chrome.exe, 00000013.00000002.1495146967.00003DAC02C10000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1632881323.000050B400554000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '79964621D357AB88';
              Source: chrome.exe, 00000013.00000002.1495516381.00003DAC02CF0000.00000004.00000800.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1638524354.000050B401204000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT IFNULL(SUM(metrics.metric_value), 0) FROM metrics WHERE metrics.metric_hash = '534661B278B11BD';
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeVirustotal: Detection: 34%
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeReversingLabs: Detection: 36%
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe"
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\chicos.pdf"
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeProcess created: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe "C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe"
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2224 --field-trial-handle=1568,i,11324995402094139169,9242142557487277708,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              Source: unknownProcess created: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe "C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe"
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9203
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2380,i,12694421333245703449,3129680459386723953,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2716 /prefetch:3
              Source: unknownProcess created: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe "C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe"
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9203
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2452,i,14918483231782066404,16312370181647215782,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2548 /prefetch:3
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\chicos.pdf"Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeProcess created: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe "C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe" Jump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215Jump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2224 --field-trial-handle=1568,i,11324995402094139169,9242142557487277708,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8Jump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess created: unknown unknownJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9203
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2380,i,12694421333245703449,3129680459386723953,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2716 /prefetch:3
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9203
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2452,i,14918483231782066404,16312370181647215782,262144 --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2548 /prefetch:3
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: policymanager.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: msvcp110_win.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winhttp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: webio.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: fwpuclnt.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: schannel.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mskeyprotect.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncryptsslp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: wininet.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: iertutil.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: sspicli.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: profapi.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: winhttp.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: iphlpapi.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: mswsock.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: winnsi.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: dpapi.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: msasn1.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: cryptsp.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: rsaenh.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: cryptbase.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: gpapi.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: urlmon.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: srvcli.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: netutils.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: dnsapi.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: fwpuclnt.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: rasadhlp.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: schannel.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: mskeyprotect.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: ntasn1.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: ncrypt.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: ncryptsslp.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: wininet.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: iertutil.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: sspicli.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: profapi.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: winhttp.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: iphlpapi.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: mswsock.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: winnsi.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: dpapi.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: msasn1.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: cryptsp.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: rsaenh.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: cryptbase.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: gpapi.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: urlmon.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: srvcli.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: netutils.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: dnsapi.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: rasadhlp.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: fwpuclnt.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: schannel.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: mskeyprotect.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: ntasn1.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: ncrypt.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: ncryptsslp.dll
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeSection loaded: apphelp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: apphelp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: aclayers.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mpr.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sfc_os.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: windows.storage.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wldp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winhttp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: webio.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mswsock.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: iphlpapi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: winnsi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: sspicli.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dnsapi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: fwpuclnt.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rasadhlp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: schannel.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: mskeyprotect.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ntasn1.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncrypt.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ncryptsslp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: msasn1.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptsp.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: rsaenh.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: cryptbase.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: gpapi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: uxtheme.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: dpapi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: amsi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: userenv.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: profapi.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: version.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSection loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_00404760 LoadLibraryA,GetProcAddress,FreeLibrary,0_2_00404760
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_004413DC push ecx; ret 0_2_004413EF
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 2_2_000E13DC push ecx; ret 2_2_000E13EF
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 2_2_000AC786 pushad ; iretd 2_2_000AC78D
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 14_2_012F8409 push ss; iretd 14_2_012F840A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeCode function: 24_2_00450DFD pushfd ; ret 24_2_00450E05
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_00406A00 GetTempPathA,GetFileAttributesA,LoadLibraryA,LoadLibraryA,FreeLibrary,GetProcAddress,FreeLibrary,FreeLibrary,FreeLibrary,GetProcAddress,FreeLibrary,FreeLibrary,FreeLibrary,URLDownloadToFileA,FreeLibrary,FreeLibrary,FreeLibrary,ShellExecuteA,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,FreeLibrary,std::ios_base::_Ios_base_dtor,0_2_00406A00
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeFile created: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeJump to dropped file
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AutoStartAppJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AutoStartAppJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 2_2_000A20F0 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessA,Wow64GetThreadContext,ReadProcessMemory,VirtualAllocEx,TerminateProcess,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,FreeLibrary,FreeLibrary,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,InternetOpenA,InternetOpenUrlA,FreeLibrary,InternetReadFile,InternetReadFile,FreeLibrary,2_2_000A20F0
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              barindex
              Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
              Query firmware table information (likely to detect VMs)
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSystem information queried: FirmwareTableInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeSystem information queried: FirmwareTableInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 5925
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWindow / User API: threadDelayed 4991
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWindow / User API: threadDelayed 4224
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 7536Thread sleep time: -210000s >= -30000s
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 9000Thread sleep count: 5925 > 30
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 5880Thread sleep time: -210000s >= -30000s
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe TID: 8572Thread sleep count: 4224 > 30
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeLast function: Thread delayed
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeLast function: Thread delayed
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeLast function: Thread delayed
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeLast function: Thread delayed
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeLast function: Thread delayed
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeLast function: Thread delayed
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_00454633 FindFirstFileExW,0_2_00454633
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 2_2_000F4633 FindFirstFileExW,2_2_000F4633
              Source: chrome.exe, 00000019.00000002.1626767951.000001D1E10C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \REGISTRY\USER\S-1-5-21-2246122658-3693405117-2476756634-1003_Classes\CLSID\{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}\InProcServer32Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total P
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000003.1157806496.00000000008B5000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000002.1162020958.00000000008B5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW `
              Source: chrome.exe, 00000019.00000002.1636839687.000050B400E58000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
              Source: RegSvcs.exe, 00000012.00000002.2385473563.0000000000FBC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWx
              Source: chrome.exe, 00000013.00000002.1478424470.000001EDAD00B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1477778890.000001EDAB2A2000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1623967186.000001D1DCA77000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1569619048.000001D1DCAA1000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1624273540.000001D1DCAA2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Dynamic Memory Integration Service
              Source: chrome.exe, 00000013.00000002.1478424470.000001EDAD00B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Virtual Machine Bus PipeslX
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000002.1162020958.000000000087E000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000002.1162020958.00000000008E2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000003.1157806496.000000000088D000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000000.00000003.1157693823.00000000008E2000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000002.00000002.2385166893.0000000000CC1000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000002.00000003.1207208537.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000002.00000002.2386804819.0000000000D24000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 00000007.00000002.2387710745.0000000000C46000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: chrome.exe, 00000019.00000002.1623967186.000001D1DCA85000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DHyper-V Virtual Machine Bus Pipes
              Source: chrome.exe, 00000013.00000002.1477778890.000001EDAB286000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual ProcessorCL
              Source: chrome.exe, 00000013.00000002.1477778890.000001EDAB22D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V faclbykdsbqrmsf Bus=
              Source: chrome.exe, 00000019.00000002.1626767951.000001D1E10A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &Hyper-V Hypervisori
              Source: chrome.exe, 00000013.00000002.1478424470.000001EDAD025000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1626767951.000001D1E1040000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V faclbykdsbqrmsf Bus Pipes
              Source: chrome.exe, 00000013.00000002.1478424470.000001EDAD025000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1626767951.000001D1E1068000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V VM Vid Partition
              Source: chrome.exe, 00000013.00000002.1478424470.000001EDAD00B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1569619048.000001D1DCAF6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1624273540.000001D1DCAF6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1623967186.000001D1DCA10000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Partition
              Source: chrome.exe, 00000013.00000002.1477778890.000001EDAB2A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor,
              Source: chrome.exe, 00000013.00000002.1478424470.000001EDAD025000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1626767951.000001D1E10A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VHyper-V Dynamic Memory Integration Service
              Source: chrome.exe, 00000019.00000002.1626767951.000001D1E10C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \REGISTRY\USER\S-1-5-21-2246122658-3693405117-2476756634-1003_Classes\CLSID\{7EFA68C6-086B-43e1-A2D2-55A113531240}\InProcServer32rtupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA ,
              Source: chrome.exe, 00000013.00000003.1420190702.000001EDAD091000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1415388474.000001EDAD0BF000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1412667887.000001EDAD08F000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1417869574.000001EDAD08F000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1415746824.000001EDAD0BF000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000002.1478424470.000001EDAD097000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1414935093.000001EDAD0B5000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1415606780.000001EDAD0BF000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1415239606.000001EDAD0BF000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1420877089.000001EDAD097000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sted TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervis
              Source: chrome.exe, 00000013.00000002.1478424470.000001EDAD00B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1626767951.000001D1E10A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VHyper-V Dynamic Memory Integration Service
              Source: chrome.exe, 00000019.00000002.1649041155.000050B401A14000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=695ced78-f847-4bf3-943d-4d587e99945a
              Source: chrome.exe, 00000019.00000002.1624273540.000001D1DCAB5000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1569619048.000001D1DCAB5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V VM Vid Partitionll=
              Source: chrome.exe, 00000019.00000003.1569619048.000001D1DCAF6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1624273540.000001D1DCAF6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 2Hyper-V VM Vid PartitionV^
              Source: chrome.exe, 00000019.00000002.1626767951.000001D1E10C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \REGISTRY\USER\S-1-5-21-2246122658-3693405117-2476756634-1003_Classes\Directory\background\shellex\ContextMenuHandlers\Sharing32e6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Tim
              Source: chrome.exe, 00000019.00000002.1623967186.000001D1DCA10000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Virtual Machine Bus Pipes
              Source: chrome.exe, 00000013.00000002.1477778890.000001EDAB2A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DHyper-V Hypervisor Root Partition~n
              Source: chrome.exe, 00000019.00000003.1564142772.000001D1E1124000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time48
              Source: chrome.exe, 00000019.00000003.1569619048.000001D1DCAF6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1624273540.000001D1DCAF6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Virtual Machine Bus PipesszU
              Source: chrome.exe, 00000013.00000002.1478424470.000001EDAD00B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Logical Processorc.sys/
              Source: chrome.exe, 00000019.00000003.1569538866.000001D1E116A000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1626767951.000001D1E116A000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1569335786.000001D1E116A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hard
              Source: chrome.exe, 00000019.00000003.1564253659.000001D1E10CA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total P
              Source: chrome.exe, 00000013.00000002.1477778890.000001EDAB2A2000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1623967186.000001D1DCA85000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JHyper-V Hypervisor Logical Processor
              Source: chrome.exe, 00000013.00000002.1477778890.000001EDAB2A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DHyper-V Virtual Machine Bus Pipesso
              Source: chrome.exe, 00000019.00000002.1637127318.000050B400F0C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=695ced78-f847-4bf3-943d-4d587e99945a
              Source: chrome.exe, 00000013.00000002.1478424470.000001EDAD00B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Virtual Processoru
              Source: chrome.exe, 00000019.00000002.1623967186.000001D1DCA77000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V faclbykdsbqrmsf Bus
              Source: chrome.exe, 00000019.00000003.1564253659.000001D1E10CA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Tim
              Source: chrome.exe, 00000013.00000002.1477778890.000001EDAB2A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V HypervisorG
              Source: chrome.exe, 00000019.00000002.1623967186.000001D1DCA85000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JHyper-V Hypervisor Logical Processor
              Source: chrome.exe, 00000019.00000002.1623967186.000001D1DCA85000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AlDHyper-V Virtual Machine Bus PipesP
              Source: chrome.exe, 00000019.00000003.1568894395.000001D1E116D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: mulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root Virtual Processor4974Total Run Time4976Hypervisor Run Time4978Remote Node Run Time4980Normalized Run Time4982Ideal Cpu4984Hypercalls/sec4986Hypercalls Cost4988Page Invalidations/sec4990Page Invalidations Cost4992Control Register Accesses/sec4994Control Register Accesses Cost4996IO Instructions/sec4998IO Instructions Cost5000HLT Instructions/sec5002HLT Instructions Cost5004MWAIT Instructions/sec5006MWAIT Instructions Cost5008CPUID Instructions/sec5010CPUID Instructions Cost5012MSR Accesses/sec5014MSR Accesses Cost5016Other Intercepts/sec5018Other Intercepts Cost5020External Interrupts/sec5022External Interrupts Cost5024Pending Interrupts/sec5026Pending Interrupts Cost5028Emulated Instructions/sec5030Emulated Instructions Costain
              Source: chrome.exe, 00000013.00000002.1477778890.000001EDAB2A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AlDHyper-V Virtual Machine Bus PipesVo
              Source: RegAsm.exe, 00000007.00000002.2385772889.0000000000C05000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@E
              Source: chrome.exe, 00000019.00000002.1626767951.000001D1E10A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Logical Processordll
              Source: chrome.exe, 00000013.00000003.1420190702.000001EDAD091000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1415388474.000001EDAD0BF000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1412667887.000001EDAD08F000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1417869574.000001EDAD08F000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1415746824.000001EDAD0BF000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1414935093.000001EDAD0B5000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1415606780.000001EDAD0BF000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1415239606.000001EDAD0BF000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1420877089.000001EDAD097000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Proc
              Source: chrome.exe, 00000019.00000002.1648325949.000050B401948000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Virtual USB Mouse
              Source: chrome.exe, 00000013.00000002.1478424470.000001EDAD00B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1569619048.000001D1DCAA1000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1624273540.000001D1DCAA2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Virtual Processor
              Source: chrome.exe, 00000019.00000002.1626767951.000001D1E1068000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: X2Hyper-V VM Vid Partition
              Source: chrome.exe, 00000013.00000002.1504509412.00003DAC03C90000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=7957d465-edad-48f4-b01f-9019496cb302
              Source: chrome.exe, 00000019.00000002.1624273540.000001D1DCAB5000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1569619048.000001D1DCAB5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual Processor
              Source: chrome.exe, 00000013.00000002.1478424470.000001EDAD025000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1626767951.000001D1E10A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: THyper-V Hypervisor Root Virtual Processor
              Source: chrome.exe, 00000013.00000002.1477778890.000001EDAB2A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sWDHyper-V Hypervisor Root PartitionHo
              Source: chrome.exe, 00000013.00000002.1477778890.000001EDAB2A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: JHyper-V Hypervisor Logical Processor
              Source: chrome.exe, 00000013.00000002.1478424470.000001EDAD025000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &Hyper-V Hypervisor
              Source: chrome.exe, 00000013.00000002.1477778890.000001EDAB2A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Partitiont
              Source: chrome.exe, 00000019.00000003.1530923588.000050B400300000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware20,1(
              Source: chrome.exe, 00000019.00000002.1623967186.000001D1DCA85000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DHyper-V Hypervisor Root Partition2
              Source: chrome.exe, 00000013.00000002.1478424470.000001EDAD00B000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1626767951.000001D1E1040000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: &Hyper-V Hypervisor
              Source: chrome.exe, 00000013.00000002.1478424470.000001EDAD025000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 2Hyper-V VM Vid Partition.dllO
              Source: chrome.exe, 00000013.00000002.1478424470.000001EDAD025000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V VM Vid Partition<
              Source: RegAsm.exe, 00000007.00000002.2387710745.0000000000C3F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW!
              Source: chrome.exe, 00000019.00000002.1622690406.000001D1D8E65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: chrome.exe, 00000019.00000002.1623967186.000001D1DCA85000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sWDHyper-V Hypervisor Root Partitionui;
              Source: chrome.exe, 00000013.00000002.1476613666.000001EDA750B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllCC
              Source: chrome.exe, 00000019.00000002.1626767951.000001D1E10A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Dynamic Memory Integration Service<
              Source: RegAsm.exe, 00000018.00000002.2388374341.00000000016B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWHAk
              Source: chrome.exe, 00000013.00000003.1415047284.000001EDAD079000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1415803392.000001EDAD079000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1415448034.000001EDAD079000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot
              Source: chrome.exe, 00000013.00000003.1415388474.000001EDAD0BF000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1415746824.000001EDAD0BF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervis
              Source: chrome.exe, 00000019.00000002.1626767951.000001D1E10C7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \REGISTRY\USER\S-1-5-21-2246122658-3693405117-2476756634-1003_Classes\CLSID\{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}\InProcServer32Base4972Hyper-V Hypervisor Root Virtual Processor4974Total Run Time4976Hypervisor Run Time4978Remote Node Run Time4980Normalized Run Tim
              Source: chrome.exe, 00000019.00000002.1626767951.000001D1E10A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Root Virtual Processor0
              Source: chrome.exe, 00000019.00000003.1564253659.000001D1E10CA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sted TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root Virtual Processor4974Total Run Time4976Hypervisor Run Time4978Remote Node Run Time4980Normalized Run Tim
              Source: chrome.exe, 00000013.00000003.1415803392.000001EDAD079000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000013.00000003.1415448034.000001EDAD079000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: /sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flushes Base4972Hyper-V Hypervisor Root Virtual Processor4974Total Run Time4976Hypervisor Run Time4978Remote Node Run Time4980Normalized Run Time4982Ideal Cpu4984Hypercalls/sec4986Hypercalls Cost4988Page Invalidations/sec4990Page Invalidations Cost4992Control Register Accesses/sec4994Control Register Accesses Cost4996IO Instructions/sec4998IO Instructions Cost5000HLT Instructions/sec5002HLT Instructions Cost5004MWAIT Instructions/sec5006MWAIT Instructions Cost5008CPUID Instructions/sec5010CPUID Instructions Cost5012MSR Accesses/sec5014MSR Accesses Cost5016Other Intercepts/sec5018Other Intercepts Cost5020External Interrupts/sec5022External Interrupts Cost5024Pending Interrupts/sec5026Pending Interrupts Cost5028Emulated Instructions/sec5030Emulated Instructions Cost
              Source: chrome.exe, 00000019.00000002.1626767951.000001D1E10A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: NXTVMWare
              Source: chrome.exe, 00000013.00000002.1504509412.00003DAC03C90000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: le\Chrome\User Data\Default\Download Service\Files\29760a13-a42e-460b-8e70-06f7fc54e0a8USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=7957d465-edad-48f4-b01f-9019496cb302
              Source: chrome.exe, 00000013.00000002.1477778890.000001EDAB2A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Virtual Machine Bus Pipesu
              Source: chrome.exe, 00000019.00000003.1569619048.000001D1DCAA1000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1624273540.000001D1DCAA2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Logical Processort.sys
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 0000000E.00000002.2384344117.0000000001361000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWH)@
              Source: chrome.exe, 00000019.00000002.1626767951.000001D1E1035000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 6242WorkflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot
              Source: chrome.exe, 00000013.00000002.1478424470.000001EDAD00B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor Logical Processor
              Source: chrome.exe, 00000019.00000003.1564253659.000001D1E10CA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA ,
              Source: chrome.exe, 00000019.00000003.1569619048.000001D1DCAF6000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000002.1624273540.000001D1DCAF6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V Hypervisor
              Source: chrome.exe, 00000019.00000002.1637127318.000050B400F0C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=695ced78-f847-4bf3-943d-4d587e99945a0
              Source: SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe, 00000015.00000002.2385404049.00000000010DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW@
              Source: chrome.exe, 00000013.00000002.1478424470.000001EDAD025000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: X2Hyper-V VM Vid Partition.dll
              Source: chrome.exe, 00000019.00000003.1568821829.000001D1E116A000.00000004.00000020.00020000.00000000.sdmp, chrome.exe, 00000019.00000003.1568613645.000001D1E116A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: kflowServiceHost 4.0.0.06244Workflows Created6246Workflows Created Per Second6248Workflows Executing6250Workflows Completed6252Workflows Completed Per Second6254Workflows Aborted6256Workflows Aborted Per Second6258Workflows In Memory6260Workflows Persisted6262Workflows Persisted Per Second6264Workflows Terminated6266Workflows Terminated Per Second6268Workflows Loaded6270Workflows Loaded Per Second6272Workflows Unloaded6274Workflows Unloaded Per Second6276Workflows Suspended6278Workflows Suspended Per Second6280Workflows Idle Per Second6282Average Workflow Load Time6284Average Workflow Load Time Base6286Average Workflow Persist Time6288Average Workflow Persist Time Base6324Terminal Services6326Active Sessions6328Inactive Sessions6330Total Sessions4806Hyper-V Hypervisor Logical Processor4808Global Time4810Total Run Time4812Hypervisor Run Time4814Hardware Interrupts/sec4816Context Switches/sec4818Inter-Processor Interrupts/sec4820Scheduler Interrupts/sec4822Timer Interrupts/sec4824Inter-Processor Interrupts Sent/sec4826Processor Halts/sec4828Monitor Transition Cost4830Context Switch Time4832C1 Transitions/sec4834% C1 Time4836C2 Transitions/sec4838% C2 Time4840C3 Transitions/sec4842% C3 Time4844Frequency4846% of Max Frequency4848Parking Status4850Processor State Flags4852Root Vp Index4854Idle Sequence Number4856Global TSC Count4858Active TSC Count4860Idle Accumulation4862Reference Cycle Count 04864Actual Cycle Count 04866Reference Cycle Count 14868Actual Cycle Count 14870Proximity Domain Id4872Posted Interrupt Notifications/sec4874Hypervisor Branch Predictor Flushes/sec4876Hypervisor L1 Data Cache Flushes/sec4878Hypervisor Immediate L1 Data Cache Flushes/sec4880Hypervisor Microarchitectural Buffer Flushes/sec4882Counter Refresh Sequence Number4884Counter Refresh Reference Time4886Idle Accumulation Snapshot4888Active Tsc Count Snapshot4890HWP Request MSR Context Switches/sec4892Guest Run Time4894Idle Time4896% Total Run Time4898% Hypervisor Run Time4900% Guest Run Time4902% Idle Time4904Total Interrupts/sec4788Hyper-V Hypervisor4790Logical Processors4792Partitions4794Total Pages4796Virtual Processors4798Monitored Notifications4800Modern Standby Entries4802Platform Idle Transitions4804HypervisorStartupCost4906Hyper-V Hypervisor Root Partition4908Virtual Processors4910Virtual TLB Pages4912Address Spaces4914Deposited Pages4916GPA Pages4918GPA Space Modifications/sec4920Virtual TLB Flush Entires/sec4922Recommended Virtual TLB Size49244K GPA pages49262M GPA pages49281G GPA pages4930512G GPA pages49324K device pages49342M device pages49361G device pages4938512G device pages4940Attached Devices4942Device Interrupt Mappings4944I/O TLB Flushes/sec4946I/O TLB Flush Cost4948Device Interrupt Errors4950Device DMA Errors4952Device Interrupt Throttle Events4954Skipped Timer Ticks4956Partition Id4958Nested TLB Size4960Recommended Nested TLB Size4962Nested TLB Free List Size4964Nested TLB Trimmed Pages/sec4966Pages Shattered/sec4968Pages Recombined/sec4970I/O TLB Flus
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeAPI call chain: ExitProcess graph end nodegraph_7-19535
              Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 18_2_0044C8A0 LdrInitializeThunk,18_2_0044C8A0
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_00449131 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00449131
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_00404760 LoadLibraryA,GetProcAddress,FreeLibrary,0_2_00404760
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_00449131 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00449131
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_00441CD9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00441CD9
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 2_2_000E9131 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_000E9131
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 2_2_000E1CD9 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_000E1CD9

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Allocates memory in foreign processes
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and writeJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and write
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 protect: page execute and read and write
              Contains functionality to inject code into remote processes
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 2_2_000A20F0 LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateProcessA,Wow64GetThreadContext,ReadProcessMemory,VirtualAllocEx,TerminateProcess,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,Wow64SetThreadContext,ResumeThread,FreeLibrary,FreeLibrary,FreeLibrary,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,InternetOpenA,InternetOpenUrlA,FreeLibrary,InternetReadFile,InternetReadFile,FreeLibrary,2_2_000A20F0
              Injects a PE file into a foreign processes
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000 value starts with: 4D5A
              Writes to foreign memory regions
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000Jump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000Jump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 453000Jump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 456000Jump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 464000Jump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 743008Jump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 401000
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 453000
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 456000
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 464000
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: C03008
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 400000
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 401000
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 453000
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 456000
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 464000
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe base: 102C008
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeProcess created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\AppData\Local\Temp\chicos.pdf"Jump to behavior
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeProcess created: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe "C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe" Jump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"Jump to behavior
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9203
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9203
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: EnumSystemLocalesW,0_2_0045726C
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: EnumSystemLocalesW,0_2_00457221
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: EnumSystemLocalesW,0_2_00457307
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,0_2_00457392
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: EnumSystemLocalesW,0_2_004506DA
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,0_2_0045770E
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: GetLocaleInfoW,0_2_00457814
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_004578EA
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: GetLocaleInfoW,0_2_00450BA9
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,0_2_00456F75
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: EnumSystemLocalesW,2_2_000F7221
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: EnumSystemLocalesW,2_2_000F726C
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: EnumSystemLocalesW,2_2_000F7307
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,2_2_000F7392
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: EnumSystemLocalesW,2_2_000F06DA
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: GetLocaleInfoW,GetLocaleInfoW,GetACP,2_2_000F770E
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: GetLocaleInfoW,2_2_000F7814
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,2_2_000F78EA
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: GetLocaleInfoW,2_2_000F0BA9
              Source: C:\Users\user\AppData\Roaming\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: GetACP,IsValidCodePage,GetLocaleInfoW,2_2_000F6F75
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeQueries volume information: C:\ VolumeInformation
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_00448778 GetSystemTimeAsFileTime,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,0_2_00448778
              Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exeCode function: 0_2_00406280 VirtualQuery,VirtualAlloc,VirtualProtect,VirtualProtect,VirtualProtect,GetVersionExW,GetCurrentProcess,FlushInstructionCache,VirtualFree,0_2_00406280
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Source: RegAsm.exe, 00000018.00000002.2386497834.0000000001684000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ows Defender\MsMpeng.exe
              Source: RegSvcs.exe, 00000012.00000002.2386209407.0000000000FD5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: RegAsm.exe, 00000018.00000002.2387923843.00000000016A5000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \Windows Defender\MsMpeng.exe
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 Blob
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              barindex
              Yara detected LummaC Stealer
              Source: Yara matchFile source: 00000018.00000002.2393036988.0000000003B42000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 1640, type: MEMORYSTR
              Source: Yara matchFile source: 0000000E.00000002.2390711671.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.2391522183.0000000003860000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000003.1207783827.00000000036F8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.2392222837.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.2392027364.0000000003870000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000003.1425770616.0000000003861000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000002.2391743335.0000000003EE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.2391237913.00000000036C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\prefs.js
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\places.sqlite
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pdliaogehgdbhbnmkklieghmmjkpigpa
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cookies.sqlite
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\logins.json
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\formhistory.sqlite
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\cert9.db
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3nxxd8pi.default-release\key4.db
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
              Tries to harvest and steal ftp login credentials
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\FTPGetter
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\FTPRush
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\FTPbox
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\ProgramData\SiteDesigner\3D-FTP
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\FTPInfo
              Tries to steal Crypto Currency Wallets
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Binance
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Binance
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Ledger Live
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Binance
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\AQRFEVRTGL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\AQRFEVRTGL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYT
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYT
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\UNKRLCVOHV
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\UNKRLCVOHV
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\TQDFJHPUIU
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\TQDFJHPUIU
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\AQRFEVRTGL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\AQRFEVRTGL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\EEGWXUHVUG
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\EEGWXUHVUG
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\SNIPGPPREP
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\SNIPGPPREP
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\AQRFEVRTGL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\AQRFEVRTGL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\EEGWXUHVUG
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\EEGWXUHVUG
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\AQRFEVRTGL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\AQRFEVRTGL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\AQRFEVRTGL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\AQRFEVRTGL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\EEGWXUHVUG
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\EEGWXUHVUG
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\TQDFJHPUIU
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\TQDFJHPUIU
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\AQRFEVRTGL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\AQRFEVRTGL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\NVWZAPQSQL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\NVWZAPQSQL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\PALRGUCVEH
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeDirectory queried: C:\Users\user\Documents\PALRGUCVEH
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\SQSJKEBWDT
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\SQSJKEBWDT
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\AQRFEVRTGL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\AQRFEVRTGL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\EEGWXUHVUG
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\EEGWXUHVUG
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYT
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\GIGIYTFFYT
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\NVWZAPQSQL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\NVWZAPQSQL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\PALRGUCVEH
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\PALRGUCVEH
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\AQRFEVRTGL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\AQRFEVRTGL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\BJZFPPWAPT
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\BNAGMGSPLO
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYI
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\NWCXBPIUYI
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\SQSJKEBWDT
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\SQSJKEBWDT
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\AQRFEVRTGL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\AQRFEVRTGL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\UNKRLCVOHV
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exeDirectory queried: C:\Users\user\Documents\UNKRLCVOHV

              Remote Access Functionality

              barindex
              Attempt to bypass Chrome Application-Bound Encryption
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default" --remote-debugging-port=9203
              Yara detected LummaC Stealer
              Source: Yara matchFile source: 00000018.00000002.2393036988.0000000003B42000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 1640, type: MEMORYSTR
              Source: Yara matchFile source: 0000000E.00000002.2390711671.0000000003D40000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.2391522183.0000000003860000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000003.1207783827.00000000036F8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.2392222837.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.2392027364.0000000003870000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000003.1425770616.0000000003861000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000E.00000002.2391743335.0000000003EE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.2391237913.00000000036C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts12
              Windows Management Instrumentation              		1
              DLL Side-Loading              		1
              DLL Side-Loading              		1
              Disable or Modify Tools              		2
              OS Credential Dumping              		1
              System Time Discovery              		Remote Services1
              Archive Collected Data              		12
              Ingress Tool Transfer              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault Accounts1
              Native API              		1
              Registry Run Keys / Startup Folder              		1
              Extra Window Memory Injection              		1
              Deobfuscate/Decode Files or Information              		LSASS Memory12
              File and Directory Discovery              		Remote Desktop Protocol31
              Data from Local System              		21
              Encrypted Channel              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)411
              Process Injection              		3
              Obfuscated Files or Information              		Security Account Manager34
              System Information Discovery              		SMB/Windows Admin Shares1
              Screen Capture              		1
              Remote Access Software              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
              Registry Run Keys / Startup Folder              		1
              DLL Side-Loading              		NTDS1
              Query Registry              		Distributed Component Object Model3
              Clipboard Data              		3
              Non-Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
              Extra Window Memory Injection              		LSA Secrets331
              Security Software Discovery              		SSHKeylogging14
              Application Layer Protocol              		Scheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              Masquerading              		Cached Domain Credentials21
              Virtualization/Sandbox Evasion              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items21
              Virtualization/Sandbox Evasion              		DCSync1
              Process Discovery              		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job411
              Process Injection              		Proc Filesystem1
              Application Window Discovery              		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1663547 Sample: SecuriteInfo.com.Win32.Malw... Startdate: 11/04/2025 Architecture: WINDOWS Score: 100 51 unbinddas.digital 2->51 53 x1.i.lencr.org 2->53 55 7 other IPs or domains 2->55 101 Found malware configuration 2->101 103 Multi AV Scanner detection for submitted file 2->103 105 Yara detected LummaC Stealer 2->105 107 3 other signatures 2->107 9 SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe 3 18 2->9         started        13 SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe 2->13         started        16 SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe 2->16         started        signatures3 process4 dnsIp5 59 bitbucket.org 104.192.142.25, 443, 49683, 49685 AMAZON-AESUS United States 9->59 61 s3-w.us-east-1.amazonaws.com 52.216.29.196, 443, 49684 AMAZON-02US United States 9->61 47 SecuriteInfo.com.W...gen.12458.14123.exe, PE32 9->47 dropped 49 SecuriteInfo.com.W...exe:Zone.Identifier, ASCII 9->49 dropped 18 SecuriteInfo.com.Win32.MalwareX-gen.12458.14123.exe 1 13 9->18         started        21 Acrobat.exe 71 9->21         started        109 Writes to foreign memory regions 13->109 111 Allocates memory in foreign processes 13->111 113 Injects a PE file into a foreign processes 13->113 23 RegSvcs.exe 13->23         started        63 104.192.142.24, 443, 49729 AMAZON-AESUS United States 16->63 26 RegAsm.exe 16->26         started        file6 signatures7 process8 dnsIp9 83 Multi AV Scanner detection for dropped file 18->83 85 Contains functionality to inject code into remote processes 18->85 87 Writes to foreign memory regions 18->87 99 2 other signatures 18->99 28 RegAsm.exe 18->28         started        32 RegAsm.exe 18->32         started        34 AcroCEF.exe 106 21->34         started        57 127.0.0.1 unknown unknown 23->57 89 Attempt to bypass Chrome Application-Bound Encryption 23->89 91 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 23->91 93 Tries to steal Crypto Currency Wallets 23->93 36 chrome.exe 23->36         started        95 Query firmware table information (likely to detect VMs) 26->95 97 Tries to harvest and steal browser information (history, passwords, etc) 26->97 38 chrome.exe 26->38         started        signatures10 process11 dnsIp12 77 unbinddas.digital 172.67.172.163, 443, 49686, 49693 CLOUDFLARENETUS United States 28->77 115 Query firmware table information (likely to detect VMs) 28->115 117 Tries to harvest and steal ftp login credentials 28->117 119 Tries to harvest and steal browser information (history, passwords, etc) 28->119 121 Tries to steal Crypto Currency Wallets 28->121 123 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 32->123 79 e8652.dscx.akamaiedge.net 23.207.49.54, 49696, 80 AKAMAI-ASUS United States 34->79 40 AcroCEF.exe 6 34->40         started        81 192.168.2.9, 138, 443, 49672 unknown unknown 36->81 42 chrome.exe 36->42         started        45 chrome.exe 38->45         started        signatures13 process14 dnsIp15 65 plus.l.google.com 108.177.122.102, 443, 49731 GOOGLEUS United States 42->65 67 www.google.com 142.251.15.105, 443, 49717, 49722 GOOGLEUS United States 42->67 75 3 other IPs or domains 42->75 69 173.194.219.95, 443, 49759, 49761 GOOGLEUS United States 45->69 71 74.125.136.99, 443, 49750, 49753 GOOGLEUS United States 45->71 73 play.google.com 45->73

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.