Edit tour

Windows Analysis Report
https://url.us.m.mimecastprotect.com/s/Pyp8CZ6DjlFqVNlXhzfr25?domain=urldefense.proofpoint.com

Overview

General Information

Sample URL:https://url.us.m.mimecastprotect.com/s/Pyp8CZ6DjlFqVNlXhzfr25?domain=urldefense.proofpoint.com
Analysis ID:1437778

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Snort IDS alert for network traffic
Stores files to the Windows start menu directory

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
  • System is w10x64_ra
  • chrome.exe (PID: 7148 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://url.us.m.mimecastprotect.com/s/Pyp8CZ6DjlFqVNlXhzfr25?domain=urldefense.proofpoint.com MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 3680 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1824,i,15855108381511848144,13325549480144228516,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No yara matches
No Sigma rule has matched
Timestamp:05/07/24-22:14:59.323160
SID:2046266
Source Port:50500
Destination Port:49699
Protocol:TCP
Classtype:A Network Trojan was detected
Timestamp:05/07/24-22:14:59.540483
SID:2046267
Source Port:50500
Destination Port:49699
Protocol:TCP
Classtype:A Network Trojan was detected

Click to jump to signature section

Show All Signature Results
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.199.50.2:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.199.50.2:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49734 version: TLS 1.2

Networking

barindex
Source: TrafficSnort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 193.233.132.47:50500 -> 192.168.2.6:49699
Source: TrafficSnort IDS: 2046267 ET TROJAN [ANY.RUN] RisePro TCP (External IP) 193.233.132.47:50500 -> 192.168.2.6:49699
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 23.219.82.33
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.50.2
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.50.2
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.50.2
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.50.2
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.50.2
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.50.2
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.50.2
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.50.2
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.50.2
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.50.2
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.50.2
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.50.2
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.50.2
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.50.2
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.50.2
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.50.2
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.50.2
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.50.2
Source: unknownTCP traffic detected without corresponding DNS query: 23.199.50.2
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: global trafficDNS traffic detected: DNS query: url.us.m.mimecastprotect.com
Source: global trafficDNS traffic detected: DNS query: urldefense.proofpoint.com
Source: global trafficDNS traffic detected: DNS query: t.nypost.com
Source: global trafficDNS traffic detected: DNS query: dodyanimation.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: apis.google.com
Source: global trafficDNS traffic detected: DNS query: play.google.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49689 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49714 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.199.50.2:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.199.50.2:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.16:49734 version: TLS 1.2
Source: classification engineClassification label: mal48.win@29/15@14/129
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://url.us.m.mimecastprotect.com/s/Pyp8CZ6DjlFqVNlXhzfr25?domain=urldefense.proofpoint.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1824,i,15855108381511848144,13325549480144228516,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1824,i,15855108381511848144,13325549480144228516,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
Registry Run Keys / Startup Folder
1
Process Injection
1
Masquerading
OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
Registry Run Keys / Startup Folder
1
Process Injection
LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
https://url.us.m.mimecastprotect.com/s/Pyp8CZ6DjlFqVNlXhzfr25?domain=urldefense.proofpoint.com0%Avira URL Cloudsafe
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches
NameIPActiveMaliciousAntivirus DetectionReputation
t2.nypost.com
18.164.96.77
truefalse
    high
    url.us.m.mimecastprotect.com
    207.211.31.113
    truefalse
      unknown
      dodyanimation.com
      103.146.203.15
      truefalse
        unknown
        plus.l.google.com
        142.251.40.110
        truefalse
          high
          play.google.com
          142.251.40.206
          truefalse
            high
            urldefense.com
            52.6.56.188
            truefalse
              unknown
              www.google.com
              142.250.65.164
              truefalse
                high
                t.nypost.com
                unknown
                unknownfalse
                  high
                  urldefense.proofpoint.com
                  unknown
                  unknownfalse
                    high
                    apis.google.com
                    unknown
                    unknownfalse
                      high
                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs
                      IPDomainCountryFlagASNASN NameMalicious
                      1.1.1.1
                      unknownAustralia
                      13335CLOUDFLARENETUSfalse
                      142.250.65.163
                      unknownUnited States
                      15169GOOGLEUSfalse
                      142.250.80.110
                      unknownUnited States
                      15169GOOGLEUSfalse
                      142.251.40.238
                      unknownUnited States
                      15169GOOGLEUSfalse
                      142.251.40.206
                      play.google.comUnited States
                      15169GOOGLEUSfalse
                      207.211.31.113
                      url.us.m.mimecastprotect.comUnited States
                      14135NAVISITE-EAST-2USfalse
                      103.146.203.15
                      dodyanimation.comunknown
                      136052IDNIC-IDCLOUDHOST-AS-IDPTCloudHostingIndonesiaIDfalse
                      142.251.40.110
                      plus.l.google.comUnited States
                      15169GOOGLEUSfalse
                      239.255.255.250
                      unknownReserved
                      unknownunknownfalse
                      52.6.56.188
                      urldefense.comUnited States
                      14618AMAZON-AESUSfalse
                      18.164.96.77
                      t2.nypost.comUnited States
                      3MIT-GATEWAYSUSfalse
                      142.250.65.164
                      www.google.comUnited States
                      15169GOOGLEUSfalse
                      142.250.176.195
                      unknownUnited States
                      15169GOOGLEUSfalse
                      142.251.41.3
                      unknownUnited States
                      15169GOOGLEUSfalse
                      172.253.115.84
                      unknownUnited States
                      15169GOOGLEUSfalse
                      IP
                      192.168.2.16
                      Joe Sandbox version:40.0.0 Tourmaline
                      Analysis ID:1437778
                      Start date and time:2024-05-07 22:20:20 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                      Sample URL:https://url.us.m.mimecastprotect.com/s/Pyp8CZ6DjlFqVNlXhzfr25?domain=urldefense.proofpoint.com
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:14
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • EGA enabled
                      Analysis Mode:stream
                      Analysis stop reason:Timeout
                      Detection:MAL
                      Classification:mal48.win@29/15@14/129
                      • Exclude process from analysis (whitelisted): SIHClient.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 142.251.41.3, 142.251.40.238, 172.253.115.84, 34.104.35.123
                      • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, slscr.update.microsoft.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
                      • Not all processes where analyzed, report is missing behavior information
                      • VT rate limit hit for: https://url.us.m.mimecastprotect.com/s/Pyp8CZ6DjlFqVNlXhzfr25?domain=urldefense.proofpoint.com
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue May 7 19:20:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2673
                      Entropy (8bit):3.99027082419228
                      Encrypted:false
                      SSDEEP:
                      MD5:A3019CA92921DC85E810EB456EB2F2D1
                      SHA1:6CEC163D4E890928D748DCB6AB2948FA0A3016BB
                      SHA-256:09F30A6163BC911AC4F192B3C9A9847B13BD26D4A8BD06A194CA94A2A2B7218D
                      SHA-512:F246A03DEB5ED8A2BA17B673415BC39B480096BDA384644AA0483C1A85FEA6460BC607FC09BB016062387C835D95C3848C8E59902214BACF3B103C07827431CF
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,....($5.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............_.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue May 7 19:20:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2675
                      Entropy (8bit):4.008656361812906
                      Encrypted:false
                      SSDEEP:
                      MD5:1877475834E1165C6BD32C8A830C0F5E
                      SHA1:C17076A942DECE416E9C63ABC32C86239E5E774B
                      SHA-256:D5EEB8279FAD0EEB362B74CB049B7AADF2D1CCA39646E8B535F823A836B46035
                      SHA-512:2B87BCCBE734AF302A983C092AB4163EE3BD577FE2939E2AF2950063F407199281E2C0631FBFDA8A4E8E50A415D83DA064C4EF58D65F9355E6C1B1CD1AF9BFE4
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,......(.....N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............_.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2689
                      Entropy (8bit):4.014139183310003
                      Encrypted:false
                      SSDEEP:
                      MD5:B37FDE7D6A93925A061D0032A059C70B
                      SHA1:D6513B79B5660544F1045C0F2F55E7064BCFB02F
                      SHA-256:AE725449CE9B5703F272ACE5137E02520229BD77847F4EF2B04D73219DCE2678
                      SHA-512:D6AE35276AC1FC142DC5D2F6BF4BA858657B9B8B8660F8AF04415286F37B5360EC6B77316889132AF47BC614DE42C6684F4B026152DCD2FAF237EE9980AC01C7
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,.....Y.04...N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.VFW.E...........................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............_.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue May 7 19:20:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2677
                      Entropy (8bit):4.005319321890532
                      Encrypted:false
                      SSDEEP:
                      MD5:7D60365AB6F6C057AC39E48FA9205C25
                      SHA1:BD996C25657FA589C8E0E84A0E629B53E459FC25
                      SHA-256:62E85DF0A0EDD914FEBD167372ABF9D97E15EB0155A33EF8F8A8F0C174C8F67C
                      SHA-512:FB06172203A32F07CD6128E595D24AE47BFF50392FB4B6A81E4E9EFB7DA39F5779CE34891109C340E8E7F85F3E65DBD7F85C4A97B93EA937EB766562B6D966F3
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,....^.......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............_.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue May 7 19:20:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2677
                      Entropy (8bit):3.992290159586263
                      Encrypted:false
                      SSDEEP:
                      MD5:C58E896CC6EA4066D260DC4EABF00679
                      SHA1:949C2BF0F52C8ACC5C75920590E30C437B4285D6
                      SHA-256:84DD2FFBDB856F7E48791A8DBF8A01CA6F86DE155ABB29FD16F0C008C19DB19B
                      SHA-512:14B62C9D209755DE01F74686152FDD376F42BF8E789597EA06AE695A44ACBD805350D11CAFB6606149B3BE2EFF6FDD21A63074EA8DDE2C590D312C5B7EEED18D
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,............N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............_.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue May 7 19:20:47 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                      Category:dropped
                      Size (bytes):2679
                      Entropy (8bit):4.001187978205316
                      Encrypted:false
                      SSDEEP:
                      MD5:D92EE3DE1CD79772031A48CA46836203
                      SHA1:852EDD5CF576A1F3A1115E19ECF49DD9CEAA6AC5
                      SHA-256:24FEFA5FBE32767F4DFF5F14E278ADF1020EFEAA9FB54D7BB1AFF8BA42C7222D
                      SHA-512:DE3DAFA74FE33FEF79E543FDE7E8EA3D617B35E057DD82BDEC96376D2AE4A76FC7E334D42C543A122CD0AAEA251446AC328D2A77653C0E103BDA1DBD2FA6688E
                      Malicious:false
                      Reputation:unknown
                      Preview:L..................F.@.. ...$+.,....o*......N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.X......B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.X......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.X......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.X............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.X.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i............_.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (2294)
                      Category:downloaded
                      Size (bytes):164357
                      Entropy (8bit):5.543248267243661
                      Encrypted:false
                      SSDEEP:
                      MD5:78D34FAD902B7630AF71954FC0426C45
                      SHA1:05BCA26EB030894909778212460700A9084AB9F9
                      SHA-256:F503411907A749B8154CB08D881B7E90B4FCA7C3342E301C8453913309116C1A
                      SHA-512:77CE8E67C5270F30B1E0D346FBC12BA40F8370F8F9054D3778B1ECB1FB74407EC7D409D7D2FEAD4B123FFC60EC1DD9D3BC48465345DE861D2F769797B250DBED
                      Malicious:false
                      Reputation:unknown
                      URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US.HXYu-DUGTMg.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTtRvtbBFIN3h-_jsv-ID1cELyEQ1w"
                      Preview:this.gbar_=this.gbar_||{};(function(_){var window=this;.try{._.cj=function(a,b,c){return c?a|b:a&~b};_.dj=function(a,b,c,d){a=_.jb(a,b,c,d);return Array.isArray(a)?a:_.kc};_.ej=function(a,b){a=_.cj(a,2,!!(2&b));a=_.cj(a,32,!0);return a=_.cj(a,2048,!1)};_.fj=function(a,b){0===a&&(a=_.ej(a,b));return a=_.cj(a,1,!0)};_.gj=function(a){return!!(2&a)&&!!(4&a)||!!(2048&a)};_.hj=function(a,b,c){32&b&&c||(a=_.cj(a,32,!1));return a};._.ij=function(a,b,c,d,e,f){var g=!!(2&b);const h=g?1:2;e=!!e;f&&(f=!g);g=_.dj(a,b,d);var k=g[_.v]|0;const l=!!(4&k);if(!l){k=_.fj(k,b);var n=g,p=b;const t=!!(2&k);t&&(p=_.cj(p,2,!0));let r=!t,B=!0,aa=0,M=0;for(;aa<n.length;aa++){const F=_.Ta(n[aa],c,p);if(F instanceof c){if(!t){const ba=!!((F.ka[_.v]|0)&2);r&&(r=!ba);B&&(B=ba)}n[M++]=F}}M<aa&&(n.length=M);k=_.cj(k,4,!0);k=_.cj(k,16,B);k=_.cj(k,8,r);_.ya(n,k);t&&Object.freeze(n)}if(f&&!(8&k||!g.length&&(1===h||4===h&&32&k))){_.gj(k)&&(g=_.xa(g),k=._.ej(k,b),b=_.ib(a,b,d,g));c=g;f=k;for(n=0;n<c.length;n++)k=c[n],p=_.g
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (800)
                      Category:downloaded
                      Size (bytes):805
                      Entropy (8bit):5.12113422749559
                      Encrypted:false
                      SSDEEP:
                      MD5:72A39E7D4DCFF549088E7D764ECA2BD5
                      SHA1:D93E07F3590295DB1C28E14A68701BE993E960ED
                      SHA-256:479A1972F5E408401CE12E174C985A6ADCAE29271CA651A059B1959E1C938A09
                      SHA-512:09963D94562A183353237D82DDD4D770397EB1D42B66EEC81475CC04594A7BBA27E0085C8DBB9F9F08F114C3DAF591181835E70296802EA77701CC02EC2AD1F7
                      Malicious:false
                      Reputation:unknown
                      URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                      Preview:)]}'.["",["boeing starliner launch nasa","disneyland halloween party","us economy recession","manchester united crystal palace","apex legends season 21 patch notes","cast of tracker episode 11","spirit airlines stock","san diego padres vs cubs prediction"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002}],"google:suggestrelevance":[1257,1256,1255,1254,1253,1252,1251,1250],"google:suggestsubtypes":[[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362],[3,143,362]],"google:suggesttype":["QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY","QUERY"]}]
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text
                      Category:downloaded
                      Size (bytes):29
                      Entropy (8bit):3.9353986674667634
                      Encrypted:false
                      SSDEEP:
                      MD5:6FED308183D5DFC421602548615204AF
                      SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
                      SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
                      SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
                      Malicious:false
                      Reputation:unknown
                      URL:https://www.google.com/async/newtab_promos
                      Preview:)]}'.{"update":{"promos":{}}}
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (3410)
                      Category:downloaded
                      Size (bytes):3415
                      Entropy (8bit):5.829784986069208
                      Encrypted:false
                      SSDEEP:
                      MD5:BFD5F1F4BAB22111E838810C48D16A5A
                      SHA1:996BE567B47D0151DD9521AE5405C98B2A2FABFB
                      SHA-256:B80CD5376AFB17C3564E923FF561D30A21EA9B06B57B31A77110B00C631B02FE
                      SHA-512:6E23D091C8A617287B5E121250D4E2BE097B1CF914D5537CFA42B5A116410B597E300D67D43D2FF7C7F89301D3E67B329CA97E04476A5B622CE0032784A0B9E7
                      Malicious:false
                      Reputation:unknown
                      URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
                      Preview:)]}'.["",["psg vs borussia dortmund prediction","noelia voigt resigns","mortgage interest rates","barnsdall oklahoma tornadoes","hades ii early access","congress the bible verses","spirit airlines stock","iain armitage young sheldon"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CgovbS8wbjNoa3I3Eg1JYWluIEFybWl0YWdlMo8OZGF0YTppbWFnZS9qcGVnO2Jhc2U2NCwvOWovNEFBUVNrWkpSZ0FCQVFBQUFRQUJBQUQvMndDRUFBa0dCd2dIQmdrSUJ3Z0tDZ2tMRFJZUERRd01EUnNVRlJBV0lCMGlJaUFkSHg4a0tEUXNKQ1l4Sng4ZkxUMHRNVFUzT2pvNkl5cy9SRDg0UXpRNU9qY0JDZ29LRFF3TkdnOFBHamNsSHlVM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOLy9BQUJFSUFFQUFRQU1CSWdBQ0VRRURFUUgveEFBYkFBQURBQU1CQVFBQUFBQUFBQUFBQUFBRUJRWUJBZ01IQVAvRUFESVFBQUlCQXdNQ0F3VUhCUUFBQUFBQUFBRUNBd0FFRVFVU0lURkJC
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (3572), with no line terminators
                      Category:downloaded
                      Size (bytes):3572
                      Entropy (8bit):5.140651484312947
                      Encrypted:false
                      SSDEEP:
                      MD5:122C0858F7D38991F14E5ADC6BDB3C3B
                      SHA1:FFC64755EB42990A73C4878426A641CFB94B57EE
                      SHA-256:06D1296A6F6611AC795B27882FE88823EE857D0F49F7018CF00C6A199976DC0D
                      SHA-512:149A1FB533C8C7D5EA363B80982DC1EC4C39E5EF9BB37E45BC80E105B18C3FA4DC610449BBD70DE9B9AC7339FEBBBD4FF76C2A9D1FD104D1943A386539AC4D44
                      Malicious:false
                      Reputation:unknown
                      URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.RS0dNtaZmo0.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTuhe2hCYlalU7rKCW-qT_-zMhVRaw"
                      Preview:.gb_2e{background:rgba(60,64,67,.9);-webkit-border-radius:4px;border-radius:4px;color:#fff;font:500 12px "Roboto",arial,sans-serif;letter-spacing:.8px;line-height:16px;margin-top:4px;min-height:14px;padding:4px 8px;position:absolute;z-index:1000;-webkit-font-smoothing:antialiased}.gb_Fc{text-align:left}.gb_Fc>*{color:#bdc1c6;line-height:16px}.gb_Fc div:first-child{color:white}.gb_pa{background:none;border:1px solid transparent;-webkit-border-radius:50%;border-radius:50%;-webkit-box-sizing:border-box;box-sizing:border-box;cursor:pointer;height:40px;margin:8px;outline:none;padding:1px;position:absolute;right:0;top:0;width:40px}.gb_pa:hover{background-color:rgba(68,71,70,.08)}.gb_pa:focus,.gb_pa:active{background-color:rgba(68,71,70,.12)}.gb_pa:focus-visible{border-color:#0b57d0;outline:1px solid transparent;outline-offset:-1px}.gb_i .gb_pa:hover,.gb_i .gb_pa:focus,.gb_i .gb_pa:active{background-color:rgba(227,227,227,.08)}.gb_i .gb_pa:focus-visible{border-color:#a8c7fa}.gb_qa{-webkit-box
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (65531)
                      Category:downloaded
                      Size (bytes):137046
                      Entropy (8bit):5.441299893308905
                      Encrypted:false
                      SSDEEP:
                      MD5:CBDBDAB07F01B083D9BBC486F23AB543
                      SHA1:FF61584FC66F0E6E796F4CB0DC2DB1534BB8C0A1
                      SHA-256:B87F8A7A4DAFE4C9DB4A2BB847A990F23F76095E50C8AE53B846E3A444119178
                      SHA-512:F3751EF7F4F11753C15593426369A6DA6EA101FB63E51128698AFB97867D7039B6FD2EE32AEA97878D13F34E7133F6350E6FA33592289977BBB0EFDB72A5B3A0
                      Malicious:false
                      Reputation:unknown
                      URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
                      Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Qa gb_hb gb_Td gb_nd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Hd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_rd gb_kd gb_xd gb_wd\"\u003e\u003cdiv class\u003d\"gb_qd gb_gd\"\u003e\u003cdiv class\u003d\"gb_Oc gb_q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Oc gb_Rc gb_q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:SVG Scalable Vector Graphics image
                      Category:downloaded
                      Size (bytes):1660
                      Entropy (8bit):4.301517070642596
                      Encrypted:false
                      SSDEEP:
                      MD5:554640F465EB3ED903B543DAE0A1BCAC
                      SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
                      SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
                      SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
                      Malicious:false
                      Reputation:unknown
                      URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
                      Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text, with very long lines (2124)
                      Category:downloaded
                      Size (bytes):121628
                      Entropy (8bit):5.506662476672723
                      Encrypted:false
                      SSDEEP:
                      MD5:F46ACD807A10216E6EEE8EA51E0F14D6
                      SHA1:4702F47070F7046689432DCF605F11364BC0FBED
                      SHA-256:D6B84873D27E7E83CF5184AAEF778F1CCB896467576CD8AF2CAD09B31B3C6086
                      SHA-512:811263DC85C8DAA3A6E5D8A002CCCB953CD01E6A77797109835FE8B07CABE0DEE7EB126274E84266229880A90782B3B016BA034E31F0E3B259BF9E66CA797028
                      Malicious:false
                      Reputation:unknown
                      URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SCWmpDDGjPk.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AAAC/rs=AHpOoo_Pl64J0IIHlj2zBtEJ3ZwdaJC3HA/cb=gapi.loaded_0"
                      Preview:gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){("undefined"!==typeof globalThis?globalThis:"undefined"!==typeof self?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x20000, ]);.var ba,ca,da,na,pa,va,wa,za;ba=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.da=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.ma=da(this);na=function(a,b){if(b)a:{var c=_.ma;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ca(c,a,{configurable:!0,writable:!0,value:b})}};.na("Symbol",function(a){if(a)re
                      Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                      File Type:ASCII text
                      Category:downloaded
                      Size (bytes):19
                      Entropy (8bit):3.6818808028034042
                      Encrypted:false
                      SSDEEP:
                      MD5:9FAE2B6737B98261777262B14B586F28
                      SHA1:79C894898B2CED39335EB0003C18B27AA8C6DDCD
                      SHA-256:F55F6B26E77DF6647E544AE5B45892DCEA380B7A6D2BFAA1E023EA112CE81E73
                      SHA-512:29CB8E5462B15488B0C6D5FC1673E273FB47841E9C76A4AA5415CA93CEA31B87052BBA511680F2BC9E6543A29F1BBFBA9D06FCC08F5C65BEB115EE7A9E5EFF36
                      Malicious:false
                      Reputation:unknown
                      URL:https://www.google.com/async/ddljson?async=ntp:2
                      Preview:)]}'.{"ddljson":{}}
                      No static file info