Edit tour

Windows Analysis Report
https://www.bing[.]com/ck/a?!&&p=5ceef533778c3decJmltdHM9MTcyMzQyMDgwMCZpZ3VpZD0zNjRmNjVlOC1lNTZjLTYxOWQtMTI1Ny03MTNlZTQyYTYwMTImaW5zaWQ9NTE0MA&ptn=3&ver=2&hsh=3&fclid=364f65e8-e56c-619d-1257-713ee42a6012&u=a1aHR0cHM6Ly9sZXhpbnZhcmlhbnQuY29tLw#aHR0cHM6Ly84NS5yZXNjaW5kcS5jb20vd3F0eVpBRlp6RjNoWGdz

Overview

General Information

Sample URL:https://www.bing[.]com/ck/a?!&&p=5ceef533778c3decJmltdHM9MTcyMzQyMDgwMCZpZ3VpZD0zNjRmNjVlOC1lNTZjLTYxOWQtMTI1Ny03MTNlZTQyYTYwMTImaW5zaWQ9NTE0MA&ptn=3&ver=2&hsh=3&fclid=364f65e8-e56c-619d-1257-713e
Analysis ID:1559448

Detection

Score:0
Range:0 - 100
Whitelisted:false
Confidence:80%

Signatures

Stores files to the Windows start menu directory

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
  • System is w10x64_ra
  • chrome.exe (PID: 1496 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
    • chrome.exe (PID: 1036 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1988,i,16603206859217338878,17582753418004204528,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • chrome.exe (PID: 820 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.bing%5B.%5Dcom/ck/a?!&&p=5ceef533778c3decJmltdHM9MTcyMzQyMDgwMCZpZ3VpZD0zNjRmNjVlOC1lNTZjLTYxOWQtMTI1Ny03MTNlZTQyYTYwMTImaW5zaWQ9NTE0MA&ptn=3&ver=2&hsh=3&fclid=364f65e8-e56c-619d-1257-713ee42a6012&u=a1aHR0cHM6Ly9sZXhpbnZhcmlhbnQuY29tLw#aHR0cHM6Ly84NS5yZXNjaW5kcS5jb20vd3F0eVpBRlp6RjNoWGdzb2dib0tnLw==" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)
  • cleanup
No yara matches
No Sigma rule has matched
No Suricata rule has matched

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: unknownHTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.18:49691 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.18:49697 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.18:49705 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.231.128.66:443 -> 192.168.2.18:49710 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.16.158.186:443 -> 192.168.2.18:49713 version: TLS 1.2
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: unknownTCP traffic detected without corresponding DNS query: 20.231.128.66
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: apis.google.com
Source: global trafficDNS traffic detected: DNS query: play.google.com
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49695 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49693 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49691 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49695
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49694 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49694
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49693
Source: unknownNetwork traffic detected: HTTP traffic on port 49679 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49692
Source: unknownNetwork traffic detected: HTTP traffic on port 49692 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49691
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
Source: unknownHTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.18:49691 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.18:49697 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.18:49705 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.231.128.66:443 -> 192.168.2.18:49710 version: TLS 1.2
Source: unknownHTTPS traffic detected: 2.16.158.186:443 -> 192.168.2.18:49713 version: TLS 1.2
Source: classification engineClassification label: clean0.win@19/13@6/53
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1988,i,16603206859217338878,17582753418004204528,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.bing%5B.%5Dcom/ck/a?!&&p=5ceef533778c3decJmltdHM9MTcyMzQyMDgwMCZpZ3VpZD0zNjRmNjVlOC1lNTZjLTYxOWQtMTI1Ny03MTNlZTQyYTYwMTImaW5zaWQ9NTE0MA&ptn=3&ver=2&hsh=3&fclid=364f65e8-e56c-619d-1257-713ee42a6012&u=a1aHR0cHM6Ly9sZXhpbnZhcmlhbnQuY29tLw#aHR0cHM6Ly84NS5yZXNjaW5kcS5jb20vd3F0eVpBRlp6RjNoWGdzb2dib0tnLw=="
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2068 --field-trial-handle=1988,i,16603206859217338878,17582753418004204528,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
Registry Run Keys / Startup Folder
1
Process Injection
1
Masquerading
OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
Registry Run Keys / Startup Folder
1
Process Injection
LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media1
Non-Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive2
Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
https://www.bing%5B.%5Dcom/ck/a?!&&p=5ceef533778c3decJmltdHM9MTcyMzQyMDgwMCZpZ3VpZD0zNjRmNjVlOC1lNTZjLTYxOWQtMTI1Ny03MTNlZTQyYTYwMTImaW5zaWQ9NTE0MA&ptn=3&ver=2&hsh=3&fclid=364f65e8-e56c-619d-1257-713ee42a6012&u=a1aHR0cHM6Ly9sZXhpbnZhcmlhbnQuY29tLw#aHR0cHM6Ly84NS5yZXNjaW5kcS5jb20vd3F0eVpBRlp6RjNoWGdzb2dib0tnLw==0%Avira URL Cloudsafe
No Antivirus matches
No Antivirus matches
No Antivirus matches
No Antivirus matches
NameIPActiveMaliciousAntivirus DetectionReputation
plus.l.google.com
142.250.181.110
truefalse
    high
    play.google.com
    172.217.19.206
    truefalse
      high
      www.google.com
      172.217.21.36
      truefalse
        high
        apis.google.com
        unknown
        unknownfalse
          high
          • No. of IPs < 25%
          • 25% < No. of IPs < 50%
          • 50% < No. of IPs < 75%
          • 75% < No. of IPs
          IPDomainCountryFlagASNASN NameMalicious
          142.250.181.138
          unknownUnited States
          15169GOOGLEUSfalse
          172.217.19.206
          play.google.comUnited States
          15169GOOGLEUSfalse
          172.217.19.227
          unknownUnited States
          15169GOOGLEUSfalse
          172.217.19.238
          unknownUnited States
          15169GOOGLEUSfalse
          1.1.1.1
          unknownAustralia
          13335CLOUDFLARENETUSfalse
          64.233.165.84
          unknownUnited States
          15169GOOGLEUSfalse
          239.255.255.250
          unknownReserved
          unknownunknownfalse
          172.217.21.35
          unknownUnited States
          15169GOOGLEUSfalse
          172.217.21.36
          www.google.comUnited States
          15169GOOGLEUSfalse
          142.250.181.110
          plus.l.google.comUnited States
          15169GOOGLEUSfalse
          IP
          192.168.2.18
          Joe Sandbox version:41.0.0 Charoite
          Analysis ID:1559448
          Start date and time:2024-11-20 15:00:49 +01:00
          Joe Sandbox product:CloudBasic
          Overall analysis duration:
          Hypervisor based Inspection enabled:false
          Report type:full
          Cookbook file name:defaultwindowsinteractivecookbook.jbs
          Sample URL:https://www.bing[.]com/ck/a?!&&p=5ceef533778c3decJmltdHM9MTcyMzQyMDgwMCZpZ3VpZD0zNjRmNjVlOC1lNTZjLTYxOWQtMTI1Ny03MTNlZTQyYTYwMTImaW5zaWQ9NTE0MA&ptn=3&ver=2&hsh=3&fclid=364f65e8-e56c-619d-1257-713ee42a6012&u=a1aHR0cHM6Ly9sZXhpbnZhcmlhbnQuY29tLw#aHR0cHM6Ly84NS5yZXNjaW5kcS5jb20vd3F0eVpBRlp6RjNoWGdzb2dib0tnLw==
          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
          Number of analysed new started processes analysed:14
          Number of new started drivers analysed:0
          Number of existing processes analysed:0
          Number of existing drivers analysed:0
          Number of injected processes analysed:0
          Technologies:
          • EGA enabled
          Analysis Mode:stream
          Analysis stop reason:Timeout
          Detection:CLEAN
          Classification:clean0.win@19/13@6/53
          • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
          • Excluded IPs from analysis (whitelisted): 172.217.19.227, 64.233.165.84, 172.217.19.238, 34.104.35.123, 172.217.21.35
          • Excluded domains from analysis (whitelisted): fs.microsoft.com, clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com, www.gstatic.com
          • Not all processes where analyzed, report is missing behavior information
          • VT rate limit hit for: https://www.bing%5B.%5Dcom/ck/a?!&amp;&amp;p=5ceef533778c3decJmltdHM9MTcyMzQyMDgwMCZpZ3VpZD0zNjRmNjVlOC1lNTZjLTYxOWQtMTI1Ny03MTNlZTQyYTYwMTImaW5zaWQ9NTE0MA&amp;ptn=3&amp;ver=2&amp;hsh=3&amp;fclid=364f65e8-e56c-619d-1257-713ee42a6012&amp;u=a1aHR0cHM6Ly9sZXhpbnZhcmlhbnQuY29tLw#aHR0cHM6Ly84NS5yZXNjaW5kcS5jb20vd3F0eVpBRlp6RjNoWGdzb2dib0tnLw==
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 13:01:20 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2675
          Entropy (8bit):3.9705257124435076
          Encrypted:false
          SSDEEP:
          MD5:F794A85EED8E094542BB7EB67DF5F9F7
          SHA1:E9461F5A6F366E638F9ECE28F2E80C8B019EC148
          SHA-256:F19FC712F336832876612F14E098061C32600E6685F80058DD0D71CE92EF0E78
          SHA-512:EDEC17EEB21AB3C356B084ED58ADFA9DD9006648CCEE5F1A6F5F9C3F46BAE5320508D022F0BF5B1DEBDD458486EF47D263ACF75D7AA24DC270B513E2D21024B2
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,....E9..T;......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.ItY"p....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY)p....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VtY)p....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VtY)p...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VtY+p.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 13:01:20 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2677
          Entropy (8bit):3.9844263641304454
          Encrypted:false
          SSDEEP:
          MD5:001EDB35BAA934FC745B0EDDB660185F
          SHA1:73372ED31C667C9CBAC7B9F5D68E78CE54F6CF46
          SHA-256:15A724BDB4FE55FA96BDD54901F68965FF91D8531DEB25DD5B3107BE0864F8C2
          SHA-512:94D5A6430254CBC3B61CDA72237EBF9121323F32E6A6766631E57FF298E7759AF2D8282A02A8B2FA7D58BFDBDEE19C3DBB1305FB563AE7F2945223FD21B73095
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,........T;......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.ItY"p....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY)p....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VtY)p....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VtY)p...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VtY+p.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 09:23:19 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2691
          Entropy (8bit):3.998890300756797
          Encrypted:false
          SSDEEP:
          MD5:325FCAA7DED6ACFAFE36792F2C5F1803
          SHA1:56FA5EF7E2A8C754C82DF995CA0A0A0F6E71A139
          SHA-256:4049AD5E7477850E1D5D8D03BCFA6FA0FEF3204DDE204D3D55400F3B97AC082F
          SHA-512:E447112E6CEAED5221A47F555C9569679B3B9155E24A09BD85B982B45844B6095FCC77944FE573B92CEEA136BBCCD392E6B5C1B19355870BA5B4EC35356FD6D4
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,....?.4 ?.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.ItY"p....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY)p....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VtY)p....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VtY)p...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.R.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 13:01:20 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2679
          Entropy (8bit):3.9845921484848144
          Encrypted:false
          SSDEEP:
          MD5:3975C8207F3667E8D7970970A6DBAF4B
          SHA1:29DEC601C80A1EF167977043D3E7658EDD698CB2
          SHA-256:C93978A312DFD9B4F5EC0E16E3E0BE0D303FA6C617E8AEF9448CE61DA5A1833E
          SHA-512:0161E8F321BBDC0C10765980B004688286512E6EBD9BFAD78B286A62A71D9F2284ECDBE1F092A12E79116DD0C4EE4EF29A7AEAC340869C698854074C608AB744
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,.....b..T;......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.ItY"p....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY)p....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VtY)p....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VtY)p...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VtY+p.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 13:01:20 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2679
          Entropy (8bit):3.974481722993156
          Encrypted:false
          SSDEEP:
          MD5:C800DE72B763EE5AC79DE138C62834DF
          SHA1:44CF7EE461D52F516C7E0E1D3E4FE109F850C2E0
          SHA-256:63373251D38C89C4A05C3F5F92247B5C8E26384AE70B16DEADE2543CBA65D9C7
          SHA-512:B074390AA89DFC16287D24FE6B173DAA5C9C311C9797398FC925546D6B88D879A213D93ED4CF701ED008FA1D4426F3F55F9A9E312A35B29BA89CC10B6D7A7FFA
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,....z...T;......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.ItY"p....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY)p....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VtY)p....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VtY)p...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VtY+p.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Nov 20 13:01:20 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
          Category:dropped
          Size (bytes):2681
          Entropy (8bit):3.983793565747173
          Encrypted:false
          SSDEEP:
          MD5:5B0E5D8D1615F6BDC4A087B8B6290A97
          SHA1:9D6B8AAFFD98A7D6696B21D6E83C412A64D8F824
          SHA-256:E7BD09B52CC68BF5B4D515369E0D91C6BE92A839579B84CDAF0C561965D81351
          SHA-512:76AC73E48C2DE6EBA0BF111928CFA726B8B4ED0F2A1545E5CC0ED52D70069B6EAE4BB8993D709DD19059208C0BA4CF7804753FFAE74B245487BF73F20201B5E4
          Malicious:false
          Reputation:unknown
          Preview:L..................F.@.. ...$+.,....O..T;......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.R..PROGRA~1..t......O.ItY"p....B...............J......Y..P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VtY)p....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.R..Chrome..>......CW.VtY)p....M......................pd.C.h.r.o.m.e.....`.1.....FW.R..APPLIC~1..H......CW.VtY)p...........................pd.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VtY+p.....#......................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i..................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (3300)
          Category:downloaded
          Size (bytes):3305
          Entropy (8bit):5.832661398770727
          Encrypted:false
          SSDEEP:
          MD5:7E4F52B946AE8662FE7AAB37E073F475
          SHA1:6FB6BEB6D96D4F60B5E572B076211CD20D79A336
          SHA-256:FF2147ACFAD2DD5AEF6FD51E15DD52379CAFE4252B552F0BBCC0696CB927F572
          SHA-512:0B0C728554A09F5ADA7B0AC60C1C41F26898E9E07AFD93F2E7CD929A9B9863432E749E4E6AC0CA3C33CD2272C2EB6B83E9131D9FE003822553865559769FE711
          Malicious:false
          Reputation:unknown
          URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
          Preview:)]}'.["",["boeing layoffs","koht alabama football","daily horoscope for capricorn","game awards nominations","pentagon aliens ocean","juan soto mlb","chill guy coins","stray kids world tour"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChgIkk4SEwoRVHJlbmRpbmcgc2VhcmNoZXM\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"Cg0vZy8xMWY1aHZ0MmpyEidKdWFuIFNvdG8g4oCUIERvbWluaWNhbiBiYXNlYmFsbCBwbGF5ZXIy1w1kYXRhOmltYWdlL2pwZWc7YmFzZTY0LC85ai80QUFRU2taSlJnQUJBUUFBQVFBQkFBRC8yd0NFQUFrR0J3Z0hCZ2tJQndnS0Nna0xEUllQRFF3TURSc1VGUkFXSUIwaUlpQWRIeDhrS0RRc0pDWXhKeDhmTFQwdE1UVTNPam82SXlzL1JEODRRelE1T2pjQkNnb0tEUXdOR2c4UEdqY2xIeVUzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM04vL0FBQkVJQUVBQVFBTUJJZ0FDRVFFREVRSC94QUFjQUFBQkJBTUJBQUFBQUFBQUFBQUFBQUFHQUFFRUJ3SURCUWoveEFBekVBQUNBUU1DQkFNRkNBTUJBQUFBQUFBQkFnTUFCQkVGSVFZU0V6RkJVV0VVSWxLUm9RY1ZJekppY1lHe
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (2586)
          Category:downloaded
          Size (bytes):175021
          Entropy (8bit):5.5519862292821776
          Encrypted:false
          SSDEEP:
          MD5:6ECBEC06F6245882E6D9659E66022263
          SHA1:F86FC301A3851511557DF798AD2BAD2AA4659946
          SHA-256:F7885470D82B8357E5AD03205AC0885DD9FD6F965E550D746627E5E35D4CF66B
          SHA-512:F2EDD978C9DC289B82DC0956503659B92C3B621DD1001DB2C5C34ACA01FFCDE7F84A6B24ED0B30A1EA6B15D937B6DD93FAE1DB97DCE26E9F9FCE1A3F5C43A8DD
          Malicious:false
          Reputation:unknown
          URL:"https://www.gstatic.com/og/_/js/k=og.qtm.en_US._3uvDuX1Bhg.2019.O/rt=j/m=q_dnp,qmd,qcwid,qapid,qald,qads,q_dg/exm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/rs=AA2YrTus2ZfPv70D5bJuGT4XDgi-VtNqjg"
          Preview:this.gbar_=this.gbar_||{};(function(_){var window=this;.try{._.Yi=function(a){if(4&a)return 4096&a?4096:8192&a?8192:0};_.Zi=class extends _.Q{constructor(){super()}};.}catch(e){_._DumpException(e)}.try{.var $i,aj,ej,hj,gj,cj,fj;$i=function(a){try{return a.toString().indexOf("[native code]")!==-1?a:null}catch(b){return null}};aj=function(){_.Na()};ej=function(a,b){(_.bj||(_.bj=new cj)).set(a,b);(_.dj||(_.dj=new cj)).set(b,a)};hj=function(a){if(fj===void 0){const b=new gj([],{});fj=Array.prototype.concat.call([],b).length===1}fj&&typeof Symbol==="function"&&Symbol.isConcatSpreadable&&(a[Symbol.isConcatSpreadable]=!0)};_.ij=function(a,b,c){a=_.tb(a,b,c);return Array.isArray(a)?a:_.Fc};._.jj=function(a,b){a=(2&b?a|2:a&-3)|32;return a&=-2049};_.kj=function(a,b){a===0&&(a=_.jj(a,b));return a|1};_.lj=function(a){return!!(2&a)&&!!(4&a)||!!(2048&a)};_.mj=function(a,b,c){32&b&&c||(a&=-33);return a};._.pj=function(a,b,c,d,e,f,g){a=a.ha;var h=!!(2&b);e=h?1:e;f=!!f;g&&(g=!h);h=_.ij(a,b,d);var k=h[_
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text
          Category:downloaded
          Size (bytes):29
          Entropy (8bit):3.9353986674667634
          Encrypted:false
          SSDEEP:
          MD5:6FED308183D5DFC421602548615204AF
          SHA1:0A3F484AAA41A60970BA92A9AC13523A1D79B4D5
          SHA-256:4B8288C468BCFFF9B23B2A5FF38B58087CD8A6263315899DD3E249A3F7D4AB2D
          SHA-512:A2F7627379F24FEC8DC2C472A9200F6736147172D36A77D71C7C1916C0F8BDD843E36E70D43B5DC5FAABAE8FDD01DD088D389D8AE56ED1F591101F09135D02F5
          Malicious:false
          Reputation:unknown
          URL:https://www.google.com/async/newtab_promos
          Preview:)]}'.{"update":{"promos":{}}}
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (65531)
          Category:downloaded
          Size (bytes):132981
          Entropy (8bit):5.43516627955599
          Encrypted:false
          SSDEEP:
          MD5:CE594BAAF37971FD528A612EA1E6D0CE
          SHA1:120676BD81441BFAA7B4D2DD8E00F14FC3423FB5
          SHA-256:8017C366E635C2BE39968117F0B327C16FFB39B3A12C57423F9C1D0E35AEEA86
          SHA-512:F57D9E714D9DFA1BD0A50CA9F6D4277911146084B16310D361AEF0ECF843E358D2A427001925B1D605659C7C7F0DD56C7719454AA27CFE0E7C416BD57F779508
          Malicious:false
          Reputation:unknown
          URL:https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0
          Preview:)]}'.{"update":{"language_code":"en-US","ogb":{"html":{"private_do_not_access_or_else_safe_html_wrapped_value":"\u003cheader class\u003d\"gb_Ea gb_2d gb_Qe gb_qd\" id\u003d\"gb\" role\u003d\"banner\" style\u003d\"background-color:transparent\"\u003e\u003cdiv class\u003d\"gb_Pd\"\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_kd gb_od gb_Fd gb_ld\"\u003e\u003cdiv class\u003d\"gb_wd gb_rd\"\u003e\u003cdiv class\u003d\"gb_Jc gb_Q\" aria-expanded\u003d\"false\" aria-label\u003d\"Main menu\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M3 18h18v-2H3v2zm0-5h18v-2H3v2zm0-7v2h18V6H3z\"\u003e\u003c\/path\u003e\u003c\/svg\u003e\u003c\/div\u003e\u003cdiv class\u003d\"gb_Jc gb_Mc gb_Q\" aria-label\u003d\"Go back\" title\u003d\"Go back\" role\u003d\"button\" tabindex\u003d\"0\"\u003e\u003csvg focusable\u003d\"false\" viewbox\u003d\"0 0 24 24\"\u003e\u003cpath d\u003d\"M20 11H7.83l5.59-5.59L12 4l-8 8 8 8 1.41-1.
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (1302)
          Category:downloaded
          Size (bytes):117949
          Entropy (8bit):5.4843553913091005
          Encrypted:false
          SSDEEP:
          MD5:A5D33473ED0997C008D1C053E0773EBE
          SHA1:FEB4CB89145601A0141CC5869BEDF9AE7CD5CB80
          SHA-256:14C27BB0224FCF89A43B444B427DABE3D0AF184CAA7B6B4990CE228C51AE01C1
          SHA-512:3C0A48F9FA05469F950D9A268F1B3E9285A783A555EE597A2E203B688EB0FBCAEA3F4DE9BC8F5381C661007D0C6C4AFA70C19B7826D69A0E2A914A55973D14BD
          Malicious:false
          Reputation:unknown
          URL:"https://apis.google.com/_/scs/abc-static/_/js/k=gapi.gapi.en.SGzW6IeCawI.O/m=gapi_iframes,googleapis_client/rt=j/sv=1/d=1/ed=1/am=AACA/rs=AHpOoo-5biO9jua-6zCEovdoDJ8SLzd6sw/cb=gapi.loaded_0"
          Preview:gapi.loaded_0(function(_){var window=this;._._F_toggles_initialize=function(a){(typeof globalThis!=="undefined"?globalThis:typeof self!=="undefined"?self:this)._F_toggles=a||[]};(0,_._F_toggles_initialize)([0x800000, ]);.var da,ea,ha,na,oa,sa,ta,wa;da=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}};ea=typeof Object.defineProperties=="function"?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.ha=function(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("a");};_.la=ha(this);na=function(a,b){if(b)a:{var c=_.la;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&b!=null&&ea(c,a,{configurable:!0,writable:!0,value:b})}};.na("Symbol",function(a){if(a)r
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:ASCII text, with very long lines (5162), with no line terminators
          Category:downloaded
          Size (bytes):5162
          Entropy (8bit):5.3503139230837595
          Encrypted:false
          SSDEEP:
          MD5:7977D5A9F0D7D67DE08DECF635B4B519
          SHA1:4A66E5FC1143241897F407CEB5C08C36767726C1
          SHA-256:FE8B69B644EDDE569DD7D7BC194434C57BCDF60280078E9F96EEAA5489C01F9D
          SHA-512:8547AE6ACA1A9D74A70BF27E048AD4B26B2DC74525F8B70D631DA3940232227B596D56AB9807E2DCE96B0F5984E7993F480A35449F66EEFCF791A7428C5D0567
          Malicious:false
          Reputation:unknown
          URL:"https://www.gstatic.com/og/_/ss/k=og.qtm.zyyRgCCaN80.L.W.O/m=qmd,qcwid/excm=qaaw,qabr,qadd,qaid,qalo,qebr,qein,qhaw,qhawgm3,qhba,qhbr,qhbrgm3,qhch,qhchgm3,qhga,qhid,qhidgm3,qhin,qhlo,qhlogm3,qhmn,qhpc,qhsf,qhsfgm3,qhtt/d=1/ed=1/ct=zgms/rs=AA2YrTs4SLbgh5FvGZPW_Ny7TyTdXfy6xA"
          Preview:.gb_P{-webkit-border-radius:50%;border-radius:50%;bottom:2px;height:18px;position:absolute;right:0;width:18px}.gb_Ja{-webkit-border-radius:50%;border-radius:50%;-webkit-box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);box-shadow:0px 1px 2px 0px rgba(60,64,67,.30),0px 1px 3px 1px rgba(60,64,67,.15);margin:2px}.gb_Ka{fill:#f9ab00}.gb_F .gb_Ka{fill:#fdd663}.gb_La>.gb_Ka{fill:#d93025}.gb_F .gb_La>.gb_Ka{fill:#f28b82}.gb_La>.gb_Ma{fill:white}.gb_Ma,.gb_F .gb_La>.gb_Ma{fill:#202124}.gb_Na{-webkit-clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 31.3282C19.1443 31.7653 17.5996 32 16 32C7.16344 32 0 24.8366 0 16C0 7.16344 7.16344 0 16 0Z");clip-path:path("M16 0C24.8366 0 32 7.16344 32 16C32 16.4964 31.9774 16.9875 31.9332 17.4723C30.5166 16.5411 28.8215 16 27 16C22.0294 16 18 20.0294 18 25C18 27.4671 18.9927 29.7024 20.6004 3
          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
          File Type:SVG Scalable Vector Graphics image
          Category:downloaded
          Size (bytes):1660
          Entropy (8bit):4.301517070642596
          Encrypted:false
          SSDEEP:
          MD5:554640F465EB3ED903B543DAE0A1BCAC
          SHA1:E0E6E2C8939008217EB76A3B3282CA75F3DC401A
          SHA-256:99BF4AA403643A6D41C028E5DB29C79C17CBC815B3E10CD5C6B8F90567A03E52
          SHA-512:462198E2B69F72F1DC9743D0EA5EED7974A035F24600AA1C2DE0211D978FF0795370560CBF274CCC82C8AC97DC3706C753168D4B90B0B81AE84CC922C055CFF0
          Malicious:false
          Reputation:unknown
          URL:https://www.gstatic.com/images/branding/googlelogo/svg/googlelogo_clr_74x24px.svg
          Preview:<svg xmlns="http://www.w3.org/2000/svg" width="74" height="24" viewBox="0 0 74 24"><path fill="#4285F4" d="M9.24 8.19v2.46h5.88c-.18 1.38-.64 2.39-1.34 3.1-.86.86-2.2 1.8-4.54 1.8-3.62 0-6.45-2.92-6.45-6.54s2.83-6.54 6.45-6.54c1.95 0 3.38.77 4.43 1.76L15.4 2.5C13.94 1.08 11.98 0 9.24 0 4.28 0 .11 4.04.11 9s4.17 9 9.13 9c2.68 0 4.7-.88 6.28-2.52 1.62-1.62 2.13-3.91 2.13-5.75 0-.57-.04-1.1-.13-1.54H9.24z"/><path fill="#EA4335" d="M25 6.19c-3.21 0-5.83 2.44-5.83 5.81 0 3.34 2.62 5.81 5.83 5.81s5.83-2.46 5.83-5.81c0-3.37-2.62-5.81-5.83-5.81zm0 9.33c-1.76 0-3.28-1.45-3.28-3.52 0-2.09 1.52-3.52 3.28-3.52s3.28 1.43 3.28 3.52c0 2.07-1.52 3.52-3.28 3.52z"/><path fill="#4285F4" d="M53.58 7.49h-.09c-.57-.68-1.67-1.3-3.06-1.3C47.53 6.19 45 8.72 45 12c0 3.26 2.53 5.81 5.43 5.81 1.39 0 2.49-.62 3.06-1.32h.09v.81c0 2.22-1.19 3.41-3.1 3.41-1.56 0-2.53-1.12-2.93-2.07l-2.22.92c.64 1.54 2.33 3.43 5.15 3.43 2.99 0 5.52-1.76 5.52-6.05V6.49h-2.42v1zm-2.93 8.03c-1.76 0-3.1-1.5-3.1-3.52 0-2.05 1.34-3.52 3.1-3
          No static file info