Windows Analysis Report
http://162.159.129.233

Overview

General Information

Sample URL: http://162.159.129.233
Analysis ID: 606485

Detection

Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Antivirus detection for URL or domain

Classification

Process Tree

  • System is w10x64
  • chrome.exe (PID: 2952 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://162.159.129.233 MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 576 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,1155267026737125538,17040286387175416311,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1920 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
IDS alerts

Two hits, both from the stock Snort rule SID 1201, which matches an HTTP/1.1 403 response coming from a server (classtype attempted-recon, shown by Joe Sandbox as "Attempted Information Leak"). The source port is 80 in both, so the rule matched the server's reply, not anything the browser sent. The timestamps are sandbox local time (UTC+02:00); they line up with the Date headers of the two 403 responses recorded in the HTTP traffic below (10:01:17 and 10:01:48 GMT).

Timestamp: 04/10/22-12:01:17.964179 | SID: 1201 | Source Port: 80 | Destination Port: 49723 | Protocol: TCP | Classtype: Attempted Information Leak
Timestamp: 04/10/22-12:01:48.781267 | SID: 1201 | Source Port: 80 | Destination Port: 49722 | Protocol: TCP | Classtype: Attempted Information Leak
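The correlation just described, as an added example written for this page (not Joe Sandbox code): the two alert records and the two 403 Date headers are constructed here from the values in the report, the sandbox's local offset of +02:00 is taken from the start time in the general information section and is the one assumption, and the `matches_sid_1201` helper reproduces the content match that makes the rule fire.

```python
import datetime as dt
from email.utils import parsedate_to_datetime

# Constructed from the report: Snort-style alert timestamps are local sandbox time
# (assumed UTC+02:00 from the report's start time), Date headers are GMT.
SANDBOX_TZ = dt.timezone(dt.timedelta(hours=2))
ALERTS = [
    {"timestamp": "04/10/22-12:01:17.964179", "sid": 1201, "src_port": 80, "dst_port": 49723},
    {"timestamp": "04/10/22-12:01:48.781267", "sid": 1201, "src_port": 80, "dst_port": 49722},
]
RESPONSES = [
    {"status": 403, "date": "Sun, 10 Apr 2022 10:01:17 GMT", "cf_ray": "6f9aa3ef29025c4a-FRA"},
    {"status": 403, "date": "Sun, 10 Apr 2022 10:01:48 GMT", "cf_ray": "6f9aa4afcbf59049-FRA"},
]


def matches_sid_1201(server_payload):
    """Content match of the stock rule: the string 'HTTP/1.1 403' at the very start
    (depth 12) of a server-to-client payload on an established HTTP flow."""
    return server_payload[:12] == b"HTTP/1.1 403"


def parse_snort_time(stamp, tz=SANDBOX_TZ):
    """Snort alert stamps carry neither century nor zone: MM/DD/YY-HH:MM:SS.micro."""
    return dt.datetime.strptime(stamp, "%m/%d/%y-%H:%M:%S.%f").replace(tzinfo=tz)


def correlate(alerts, responses, tolerance=dt.timedelta(seconds=2)):
    """Pair each SID 1201 alert with the 403 whose Date header lands within the
    tolerance window. Date headers have one-second resolution, hence the slack.
    Returns (client ephemeral port, CF-RAY id) pairs."""
    pairs = []
    for alert in alerts:
        if alert["sid"] != 1201 or alert["src_port"] != 80:
            continue  # rule only fires on the server side of an HTTP exchange
        seen_at = parse_snort_time(alert["timestamp"])
        for resp in responses:
            sent_at = parsedate_to_datetime(resp["date"])  # aware, UTC
            if resp["status"] == 403 and abs(sent_at - seen_at) <= tolerance:
                pairs.append((alert["dst_port"], resp["cf_ray"]))
                break
    return pairs


if __name__ == "__main__":
    print(matches_sid_1201(b"HTTP/1.1 403 Forbidden\r\nServer: cloudflare\r\n"))
    print(correlate(ALERTS, RESPONSES))
```

The port in each pair is the browser's ephemeral port, so a second step (not needed here, where the report only records one host on port 80) would be to join it against the request log to see which GET drew the 403.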

AV Detection

Source: http://162.159.129.233 | Avira URL Cloud: detection malicious, Label: malware
Source: http://162.159.129.233/ | Virustotal: Detection: 6%
Source: http://162.159.129.233 | Virustotal: Detection: 6%
Source: http://162.159.129.233/cdn-cgi/styles/main.css | Avira URL Cloud: Label: malware
Source: http://162.159.129.233/favicon.ico | Avira URL Cloud: Label: malware

These are reputation verdicts on a bare Cloudflare edge address (AS13335 CLOUDFLARENET in the IP table below, where the same IP is itself rated Malicious: false), not verdicts on content the sandbox observed: the only thing the host returned was a Cloudflare-generated 403 page, and the two paths Avira labels are that page's own stylesheet and the browser's automatic favicon probe. A 6% VirusTotal rate plus an Avira "malware" label on an anycast IP shared by many zones is the usual shared-CDN pattern; the score of 72 rests entirely on these four signatures and says nothing about whichever site was meant to be reached behind that IP.
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 (TLS), both directions, with client ports 49724, 49731, 49732, 49756, 49763, 49767, 49769, 49782, 49814, 49820, 49821, 49829, 49840 (13 connections, 26 signature hits)
Source: unknown | TCP traffic detected without corresponding DNS query: 162.159.129.233 (33 hits). Expected here rather than suspicious: the submitted sample is the bare IP, so the browser connects without any name resolution and the signature fires once per connection.
Source: global traffic | HTTP traffic detected:
  GET /beacon.js HTTP/1.1
  Host: api.radar.cloudflare.com
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: */*
  Sec-Fetch-Site: cross-site
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: script
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected (Chrome's own component/extension update check, not sample-driven):
  GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
  Host: clients2.google.com
  Connection: keep-alive
  X-Goog-Update-Interactivity: fg
  X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
  X-Goog-Update-Updater: chromecrx-85.0.4183.121
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected (the landing page Cloudflare error pages link to):
  GET /5xx-error-landing HTTP/1.1
  Host: www.cloudflare.com
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: navigate
  Sec-Fetch-Dest: document
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected (CRX download following the update check above):
  GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1
  Host: clients2.googleusercontent.com
  Connection: keep-alive
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected (the submitted URL; plain HTTP, so Chrome advertises no br encoding):
  GET / HTTP/1.1
  Host: 162.159.129.233
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected (stylesheet referenced by the 403 page):
  GET /cdn-cgi/styles/main.css HTTP/1.1
  Host: 162.159.129.233
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Referer: http://162.159.129.233/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected (4 identical requests; the browser's automatic favicon probe):
  GET /favicon.ico HTTP/1.1
  Host: 162.159.129.233
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
  Referer: http://162.159.129.233/
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected (Cloudflare-generated error page: Server: cloudflare, CF-RAY id with the FRA colo suffix, no origin headers; the raw dump starts with the chunk-size line "7d7\r\n", i.e. 0x7d7 = 2007 bytes, followed by the gzip magic 1f 8b 08):
  HTTP/1.1 403 Forbidden
  Date: Sun, 10 Apr 2022 10:01:17 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  X-Frame-Options: SAMEORIGIN
  Referrer-Policy: same-origin
  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  Expires: Thu, 01 Jan 1970 00:00:01 GMT
  Vary: Accept-Encoding
  Server: cloudflare
  CF-RAY: 6f9aa3ef29025c4a-FRA
  Content-Encoding: gzip
  Data Raw: 37 64 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c5 58 5b 6f 1b 37 16 7e d7 af 38 e1 02 5e 09 10 35 92 2c 5f 22 8d 54 74 1d 17 f1 6e da 18 8d 83 36 28 0a 83 33 3c 23 d1 e6 90 53 92 92 2c 64 fd df 17 1c ce c8 23 c9 f1 26 0f 41 f5 a0 e1 f5 f0 5c be 73 21 e3 57 6f de 5f dc 7c ba be 84 85 cb e5 ac 15 bf a2 f4 0f 91 81 74 70 75 09 67 7f ce 20 f6 13 90 4a 66 ed 94 28 4d ef 2c 08 3c 05 2d b9 40 02 92 a9 f9 94 a0 a2 1f 3f 90 19 c4 af fe 40 c5 45 f6 27 a5 4f a4 2a 3a 00 cf 93 3a fb 36 52 e7 2f 90 3a ff 06 52 73 57 51 f3 03 cf 49 79 48 85 d2 5d 4a 0b 64 7c d6 8a 9d 70 12 67 6f 84 c1 d4 c1 d5 35 b0 34 45 6b 41 69 07 4c 4a bd 46 0e ff 85 0b a9 97 3c 93 cc 60 1c 85 0d ad 38 47 c7 20 5d 30 63 d1 4d c9 c7 9b 9f e8 39 81 a8 9e 58 38 57 50 fc 6b 29 56 53 72 a1 95 43 e5 e8 cd a6 40 02 69 e8 4d 89 c3 07 17 79 c6 27 5b 32 2f 51 f9 9d 7e fc 91 5e e8 bc 60 4e 24 b2 49 e8 ea 72 7a c9 e7 d8 4d 17 46 e7 38 1d 34 08 28 96 e3 94 18 9d 68 67 1b 3b 94 16 8a e3 43 17 94 ce b4 97 f2 60 cb 4a e0 ba d0 c6 35 36 ad 05 77 8b 29 c7 95 48 91 96 9d ae 50 c2 09 26 a9 4d 99 dc 1e 2c 85 ba 07 83 72 4a ac db 48 b4 0b 44 47 40 f0 29 49 b3 db 30 44 53 6b 09 2c 0c 66 53 12 a5 5c d1 74 2e a2 30 15 e5 4c a8 5e 39 ef 36 05 56 6a 2a fb 39 72 c1 a6 c4 a6 06 51 75 0b a3 ef 30 75 42 ab f2 d8 56 2b b6 a9 11 85 6b 6e bb 63 2b 16 46 c9 ac d5 ce 96 aa 5c df ee 7c 16 59 9b eb 74 99 a3 72 3d c6 f9 e5 0a 95 7b 27 ac 43 85 e6 e8 68 2d 14 d7 eb de ef 3f bf 7b eb 5c f1 2b fe b5 44 eb 8e 8e fe fd e1 fd 2f e1 bf 67 9d 11 6a 2e b2 4d e7 f3 8a 19 c0 e9 96 36 0b 23 e9 74
4b 7f 8e ee 52 a2 6f fe 6b 73 c5 db 04 8d d1 86 66 88 3c 61 e9 3d b5 4b b3 c2 0d e9 74 f9 37 6c 29 41 4a 3a dd 64 aa 70 0d bb 8c 4e d8 f4 33 7a 81 c6 a4 de 01 a9 14 e9 3d 72 e2 b5 56 a0 71 02 ed f8 73 49 f5 42 73 1c 0f fa fd e3 ee 02 65 91 2d e5 98 75 57 68 ac d0 6a 3c 78 7c 9c 24 3d 5d a0 6a 93 eb f7 1f 6e 48 97 78 44 da 71 14 d9 82 19 a3 d7 bd 74 eb 19 bd 54 e7 11 2b 44 b4 1a 44 e5 f1 a4 33 49 7a 16 5d c5 d6 5b 64 1c 4d 7b d7 1b ba 84 15 85 14 29 f3 ba 8b ee ac 56 5f d8 f5 21 9c 47 3f e8 a5 49 91 fe 07 37 a4 4b d2 b3 b3 41 d6 c7 51 72 32 7a 3d 1a 25 98 64 a3 e1 e9 80 8f 46 09 3f 7b cd 06 48 3a 93 96 27 a6 78 7b d7 6a 6d d6 e9 4c d2 5e 19 30 bc d9 3d 06 da 5b 6d d1 85 e0 1c 3d 27 bc b1 c4 60 ae 57 f8 cc aa c7 c9 17 a1 d4 26 6f de ff 5c 09 fc 4e 33 ee 2d d0 40 a1 07 0a fb 5a ab 93 4e f7 05 50 6d b9 4a 96 ce 69 45 37 68 5f 86 d4 fe 06 a5 49 67 42 b6 e2 12 a1 80 1d 1d b5 d9 d7 68 a0 9b 3e 23 79 09 b9 1d 71 b1 fd aa df 79 ec 74 f9 d7 ae 1e 74 1e 3b 9d c7 ce e3 63 a7 dd 99 b4 e2 28 b8 f2 ec c9 d5 39 66 68 c0
Source: global traffic | HTTP traffic detected (second 403 from the same edge, 31 s later):
  HTTP/1.1 403 Forbidden
  Date: Sun, 10 Apr 2022 10:01:48 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  X-Frame-Options: SAMEORIGIN
  Referrer-Policy: same-origin
  Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
  Expires: Thu, 01 Jan 1970 00:00:01 GMT
  Vary: Accept-Encoding
  Server: cloudflare
  CF-RAY: 6f9aa4afcbf59049-FRA
  Content-Encoding: gzip
  Data Raw: 37 64 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c5 58 5b 6f 1b 37 16 7e d7 af 38 e1 02 5e 09 10 35 92 22 5f 22 8d 54 74 1d 17 f1 6e da 18 b5 83 36 28 0a 83 33 3c 23 31 e6 90 53 92 92 2c 78 fd df 17 1c ce c8 23 c9 f1 26 0f 41 f5 a0 e1 f5 f0 5c be 73 21 e3 57 6f 3f 9c df 7c ba ba 80 85 cb e5 ac 15 bf a2 f4 0f 91 81 74 70 79 01 a7 7f ce 20 f6 13 90 4a 66 ed 94 28 4d 3f 5b 10 78 02 5a 72 81 04 24 53 f3 29 41 45 3f 5e 93 19 c4 af fe 40 c5 45 f6 27 a5 4f a4 2a 3a 00 cf 93 3a fd 36 52 67 2f 90 3a fb 06 52 73 57 51 f3 03 cf 49 79 48 85 d2 5d 4a 0b 64 7c d6 8a 9d 70 12 67 6f 85 c1 d4 c1 e5 15 b0 34 45 6b 41 69 07 4c 4a bd 46 0e ff 85 73 a9 97 3c 93 cc 60 1c 85 0d ad 38 47 c7 20 5d 30 63 d1 4d c9 c7 9b 9f e8 19 81 a8 9e 58 38 57 50 fc 6b 29 56 53 72 ae 95 43 e5 e8 cd a6 40 02 69 e8 4d 89 c3 7b 17 79 c6 27 5b 32 2f 51 f9 9d 7e fc 91 9e eb bc 60 4e 24 b2 49 e8 f2 62 7a c1 e7 d8 4d 17 46 e7 38 1d 34 08 28 96 e3 94 18 9d 68 67 1b 3b 94 16 8a e3 7d 17 94 ce b4 97 f2 60 cb 4a e0 ba d0 c6 35 36 ad 05 77 8b 29 c7 95 48 91 96 9d ae 50 c2 09 26 a9 4d 99 dc 1e 2c 85 ba 03 83 72 4a ac db 48 b4 0b 44 47 40 f0 29 49 b3 db 30 44 53 6b 09 2c 0c 66 53 12 a5 5c d1 74 2e a2 30 15 e5 4c a8 5e 39 ef 36 05 56 6a 2a fb 39 72 c1 a6 c4 a6 06 51 75 0b a3 3f 63 ea 84 56 e5 b1 ad 56 6c 53 23 0a d7 dc f6 99 ad 58 18 25 b3 56 3b 5b aa 72 7d bb f3 20 b2 36 d7 e9 32 47 e5 7a 8c f3 8b 15 2a f7 5e 58 87 0a cd d1 d1 5a 28 ae d7 bd df 7f 7e ff ce b9 e2 57 fc 6b 89 d6 1d 1d fd fb fa c3 2f e1 bf 67 9d 11 6a 2e b2 4d e7 61 c5 0c e0 74 4b 9b 85 91 74 ba
a5 3f 47 77 21 d1 37 ff b5 b9 e4 6d 82 c6 68 43 33 44 9e b0 f4 8e da a5 59 e1 86 74 ba fc 1b b6 94 20 25 9d 6e 32 55 b8 86 5d 46 27 6c fa 80 5e a0 31 a9 77 40 2a 45 7a 87 9c 78 ad 15 68 9c 40 3b 7e 28 a9 9e 6b 8e e3 41 bf ff ba bb 40 59 64 4b 39 66 dd 15 1a 2b b4 1a 0f 1e 1f 27 49 4f 17 a8 da e4 ea c3 f5 0d e9 12 8f 48 3b 8e 22 5b 30 63 f4 ba 97 6e 3d a3 97 ea 3c 62 85 88 56 83 a8 3c 9e 74 26 49 cf a2 ab d8 7a 87 8c a3 69 ef 7a 43 97 b0 a2 90 22 65 5e 77 d1 67 ab d5 17 76 5d 87 f3 e8 b5 5e 9a 14 e9 7f 70 43 ba 24 3d 3d 1d 64 7d 1c 25 c7 a3 37 a3 51 82 49 36 1a 9e 0c f8 68 94 f0 d3 37 6c 80 a4 33 69 79 62 8a b7 77 ad d6 66 9d ce 24 ed 95 01 c3 9b dd 63 a0 bd d5 16 5d 08 ce d1 73 c2 1b 4b 0c e6 7a 85 cf ac 7a 9c 7c 11 4a 6d f2 f6 c3 cf 95 c0 ef 35 e3 de 02 0d 14 7a a0 b0 af b5 3a e9 74 5f 00 d5 96 ab 64 e9 9c 56 74 83 f6 65 48 ed 6f 50 9a 74 26 64 2b 2e 11 0a d8 d1 51 9b 7d 8d 06 ba e9 33 92 97 90 db 11 17 db af fa 9d c7 4e 97 7f ed ea 41 e7 b1 d3 79 ec 3c 3e 76 da 9d 49 2b 8e 82 2b cf 9e 5c 9d 63 86 06 ac
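The two responses above are the whole of what the submitted host produced, and they carry the markers of a Cloudflare edge answering for itself rather than for an origin: Server: cloudflare, a CF-RAY id, a link to the edge-served /cdn-cgi/styles/main.css, a chunked and gzip-compressed body whose dump begins with the chunk-size line "7d7\r\n" and the gzip magic 1f 8b 08. The helper below is an added example written for this page, not Joe Sandbox or Cloudflare code. It checks whether an address falls in Cloudflare's published edge ranges (a snapshot of cloudflare.com/ips-v4 is embedded so the check runs offline; treat that list as an assumption that may age), decodes the dump prefix, and parses a raw HTTP/1.1 response, de-chunking and gunzipping it, to recognise the error-page markers. The response it parses is constructed from the headers the report captured; the HTML body is invented, because the report's body dump is truncated.

```python
import gzip
import ipaddress

# Snapshot of Cloudflare's published IPv4 edge ranges (cloudflare.com/ips-v4),
# embedded so the check runs offline.  Assumption: still current enough for triage.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]


def is_cloudflare_edge(ip):
    """True when ip lies inside one of Cloudflare's anycast edge ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)


def decode_chunk_prefix(hex_dump):
    """Explain the first bytes of a 'Data Raw' dump of a chunked body: a hex
    chunk-size line ended by CRLF, then the start of the first chunk's payload."""
    data = bytes.fromhex(hex_dump)
    nl = data.index(b"\r\n")
    return {"first_chunk_size": int(data[:nl], 16),
            "gzip": data[nl + 2:].startswith(b"\x1f\x8b\x08")}


def dechunk(body):
    """Reassemble an HTTP/1.1 chunked body (chunk extensions and trailers ignored)."""
    out, pos = bytearray(), 0
    while True:
        nl = body.index(b"\r\n", pos)
        size = int(body[pos:nl].split(b";")[0], 16)
        if size == 0:
            break
        out += body[nl + 2:nl + 2 + size]
        pos = nl + 2 + size + 2  # skip the payload and its trailing CRLF
    return bytes(out)


def parse_response(raw):
    """Split a raw HTTP/1.1 response into (status, lower-cased headers, decoded body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if headers.get("transfer-encoding", "").lower() == "chunked":
        body = dechunk(body)
    if headers.get("content-encoding", "").lower() == "gzip":
        body = gzip.decompress(body)
    return status, headers, body


def is_cloudflare_error_page(status, headers, body):
    """Markers seen in the report: 403, Server: cloudflare, a CF-RAY id and the
    edge-served stylesheet referenced from the body."""
    return (status == 403 and headers.get("server") == "cloudflare"
            and "cf-ray" in headers and b"/cdn-cgi/styles/main.css" in body)


def chunked(data, size=512):
    """Encode data with HTTP/1.1 chunked transfer encoding."""
    pieces = [data[i:i + size] for i in range(0, len(data), size)]
    return b"".join(b"%x\r\n%s\r\n" % (len(p), p) for p in pieces) + b"0\r\n\r\n"


def build_sample_response():
    """Constructed sample: header values from the report's first 403, body invented
    (it only needs to reference the stylesheet and landing page the browser fetched)."""
    html = (b'<!DOCTYPE html><html><head><link rel="stylesheet" href="/cdn-cgi/styles/main.css">'
            b"</head><body><h1>403 Forbidden</h1>"
            b'<a href="https://www.cloudflare.com/5xx-error-landing">Cloudflare</a></body></html>')
    head = (b"HTTP/1.1 403 Forbidden\r\nDate: Sun, 10 Apr 2022 10:01:17 GMT\r\n"
            b"Content-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\n"
            b"Connection: close\r\nServer: cloudflare\r\nCF-RAY: 6f9aa3ef29025c4a-FRA\r\n"
            b"Content-Encoding: gzip\r\n\r\n")
    return head + chunked(gzip.compress(html))


def triage(ip, raw_response):
    """Shared-CDN edge IP plus a Cloudflare error page means an AV verdict on the
    URL rates the IP's reputation, not content served by any origin."""
    status, headers, body = parse_response(raw_response)
    cf_ip = is_cloudflare_edge(ip)
    cf_page = is_cloudflare_error_page(status, headers, body)
    return {"cloudflare_edge_ip": cf_ip, "cloudflare_error_page": cf_page,
            "likely_shared_cdn_false_positive": cf_ip and cf_page}


if __name__ == "__main__":
    print(decode_chunk_prefix("37 64 37 0d 0a 1f 8b 08"))  # prefix of the report's dump
    print(triage("162.159.129.233", build_sample_response()))
```

For a live re-check the same functions apply to the bytes returned by a plain socket GET with the bare IP as Host; keep the request on port 80 as the sandbox did, since on 443 a bare-IP request fails at the TLS handshake before any page is served.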
Source: a4d27cb4-6bfe-43c0-b790-ca29b04682e8.tmp.1.dr | String found in binary or memory: https://accounts.google.com
Source: a4d27cb4-6bfe-43c0-b790-ca29b04682e8.tmp.1.dr | String found in binary or memory: https://apis.google.com
Source: a4d27cb4-6bfe-43c0-b790-ca29b04682e8.tmp.1.dr | String found in binary or memory: https://clients2.google.com
Source: a4d27cb4-6bfe-43c0-b790-ca29b04682e8.tmp.1.dr | String found in binary or memory: https://clients2.googleusercontent.com
Source: ebdcf7d2-b51d-48d6-9815-1806897981a4.tmp.1.dr, a4d27cb4-6bfe-43c0-b790-ca29b04682e8.tmp.1.dr | String found in binary or memory: https://dns.google
Source: a4d27cb4-6bfe-43c0-b790-ca29b04682e8.tmp.1.dr | String found in binary or memory: https://fonts.googleapis.com
Source: a4d27cb4-6bfe-43c0-b790-ca29b04682e8.tmp.1.dr | String found in binary or memory: https://fonts.gstatic.com
Source: a4d27cb4-6bfe-43c0-b790-ca29b04682e8.tmp.1.dr | String found in binary or memory: https://ogs.google.com
Source: a4d27cb4-6bfe-43c0-b790-ca29b04682e8.tmp.1.dr | String found in binary or memory: https://play.google.com
Source: a4d27cb4-6bfe-43c0-b790-ca29b04682e8.tmp.1.dr | String found in binary or memory: https://ssl.gstatic.com
Source: a4d27cb4-6bfe-43c0-b790-ca29b04682e8.tmp.1.dr | String found in binary or memory: https://www.google.com
Source: a4d27cb4-6bfe-43c0-b790-ca29b04682e8.tmp.1.dr | String found in binary or memory: https://www.googleapis.com
Source: a4d27cb4-6bfe-43c0-b790-ca29b04682e8.tmp.1.dr | String found in binary or memory: https://www.gstatic.com
The .dr sources are temporary files Chrome itself wrote during the run; the Google URLs in them are browser-internal and none were served by the sample.
Source: unknown | HTTP traffic detected (Chrome's own sign-in state check, source=ChromiumBrowser):
  POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
  Host: accounts.google.com
  Connection: keep-alive
  Content-Length: 1
  Origin: https://www.google.com
  Content-Type: application/x-www-form-urlencoded
  Sec-Fetch-Site: none
  Sec-Fetch-Mode: no-cors
  Sec-Fetch-Dest: empty
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
  Accept-Encoding: gzip, deflate, br
  Accept-Language: en-US,en;q=0.9
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Local\Temp\chrome_BITS_2952_1636688669
Source: classification engine | Classification label: mal72.win@21/31@20/10
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://162.159.129.233
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,1155267026737125538,17040286387175416311,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1920 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown (18 hits; child processes whose command line the sandbox did not capture)
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-62532977-B88.pma
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
MITRE ATT&CK Matrix

Only the highlighted cells carry matches; the number is the count of signatures mapped to the technique, and the remaining cells of the grid are the unmatched template.

  • Privilege Escalation: Process Injection (1)
  • Defense Evasion: Masquerading (3), Process Injection (1)
  • Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (4), Application Layer Protocol (5), Ingress Tool Transfer (3)

Every one of these maps onto browser activity recorded above (Chrome's child processes, its TLS sessions to Google and Cloudflare, the .crx component download); the only activity attributable to the submitted host is the 403 page and the follow-up fetches of its stylesheet and favicon.
URL reputation (submitted URL)

Source | Detection | Scanner | Label
http://162.159.129.233 | 6% | Virustotal |
http://162.159.129.233 | 100% | Avira URL Cloud | malware

No Antivirus matches (reported for three further scan tables)

URL reputation (contacted URLs)

Source | Detection | Scanner | Label
https://dns.google | 0% | URL Reputation | safe
http://162.159.129.233/cdn-cgi/styles/main.css | 100% | Avira URL Cloud | malware
http://162.159.129.233/ | 6% | Virustotal |
http://162.159.129.233/favicon.ico | 100% | Avira URL Cloud | malware
Contacted domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
sparrow.cloudflare.com | 104.18.3.57 | true | false | | high
accounts.google.com | 142.250.185.77 | true | false | | high
www.cloudflare.com | 104.16.123.96 | true | false | | high
api.radar.cloudflare.com | 172.64.151.10 | true | false | | high
clients.l.google.com | 142.250.186.46 | true | false | | high
googlehosted.l.googleusercontent.com | 142.250.74.193 | true | false | | high
clients2.googleusercontent.com | unknown | unknown | false | | high
clients2.google.com | unknown | unknown | false | | high
Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
https://api.radar.cloudflare.com/beacon.js | false | | high
http://162.159.129.233/cdn-cgi/styles/main.css | true | Avira URL Cloud: malware | unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
http://162.159.129.233/ | true | | unknown (listed twice in the report)
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
http://162.159.129.233/favicon.ico | true | Avira URL Cloud: malware | unknown
https://www.cloudflare.com/5xx-error-landing | false | | high
https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx | false | | high
URLs found in dropped files

Name | Source | Malicious | Antivirus Detection | Reputation
https://www.google.com | a4d27cb4-6bfe-43c0-b790-ca29b04682e8.tmp.1.dr | false | | high
https://dns.google | ebdcf7d2-b51d-48d6-9815-1806897981a4.tmp.1.dr, a4d27cb4-6bfe-43c0-b790-ca29b04682e8.tmp.1.dr | false | URL Reputation: safe | unknown
https://ogs.google.com | a4d27cb4-6bfe-43c0-b790-ca29b04682e8.tmp.1.dr | false | | high
https://play.google.com | a4d27cb4-6bfe-43c0-b790-ca29b04682e8.tmp.1.dr | false | | high
https://accounts.google.com | a4d27cb4-6bfe-43c0-b790-ca29b04682e8.tmp.1.dr | false | | high
https://clients2.googleusercontent.com | a4d27cb4-6bfe-43c0-b790-ca29b04682e8.tmp.1.dr | false | | high
https://apis.google.com | a4d27cb4-6bfe-43c0-b790-ca29b04682e8.tmp.1.dr | false | | high
https://clients2.google.com | a4d27cb4-6bfe-43c0-b790-ca29b04682e8.tmp.1.dr | false | | high
Contacted IPs

IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.77 | accounts.google.com | United States | 15169 | GOOGLEUS | false
142.250.186.46 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
104.18.3.57 | sparrow.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
172.64.151.10 | api.radar.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false (SSDP multicast address; local discovery noise from the guest, not sample traffic)
162.159.129.233 | unknown | United States | 13335 | CLOUDFLARENETUS | false
142.250.74.193 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false
104.16.123.96 | www.cloudflare.com | United States | 13335 | CLOUDFLARENETUS | false

Note that the submitted IP is rated Malicious: false in this table even though the URL built from it is flagged above; the two verdicts come from different feeds.
Private IPs: 192.168.2.1, 127.0.0.1
                                          Joe Sandbox Version:34.0.0 Boulder Opal
                                          Analysis ID:606485
                                          Start date and time: 10/04/202212:00:112022-04-10 12:00:11 +02:00
                                          Joe Sandbox Product:CloudBasic
                                          Overall analysis duration:0h 4m 38s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Cookbook file name:browseurl.jbs
                                          Sample URL:http://162.159.129.233
                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 10
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • HDC enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Detection:MAL
                                          Classification:mal72.win@21/31@20/10
                                          EGA Information:Failed
                                          HDC Information:Failed
                                          HCA Information:
                                          • Successful, ratio: 100%
                                          • Number of executed functions: 0
                                          • Number of non-executed functions: 0
                                          Cookbook Comments:
                                          • Adjust boot time
                                          • Enable AMSI
                                          • Browse: https://www.cloudflare.com/5xx-error-landing
                                          • Exclude process from analysis (whitelisted): backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe
                                          • Excluded IPs from analysis (whitelisted): 142.250.184.227, 172.217.18.110, 173.194.160.72, 34.104.35.123, 142.250.186.35, 142.250.74.195
                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.msocsp.com, ctldl.windowsupdate.com, clientservices.googleapis.com, arc.msn.com, r3---sn-1gi7znes.gvt1.com, ocsp.digicert.com, redirector.gvt1.com, edgedl.me.gvt1.com, login.live.com, mscrl.microsoft.com, update.googleapis.com, r3.sn-1gi7znes.gvt1.com, crl3.digicert.com, www.gstatic.com
• Not all processes were analyzed, report is missing behavior information
                                          • Report size getting too big, too many NtOpenFile calls found.
                                          • Report size getting too big, too many NtSetInformationFile calls found.
                                          • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                          No simulations
                                          No context
                                          No context
                                          No context
                                          No context
                                          No context
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines, with no line terminators
                                          Category:dropped
                                          Size (bytes):200470
                                          Entropy (8bit):6.074118347401326
                                          Encrypted:false
                                          SSDEEP:6144:IMY0ITYHLWirBp8b61ZZn0aqfIlUOoSiuRN:IDorWiNDZToy
                                          MD5:ECD304BF84E688E02F3727D7AB7DBB1C
                                          SHA1:EEAC6212A753F8DE54F4DCB9291CE02D5C5ED5C6
                                          SHA-256:145C2FF682CCA7D03B2AD554F74D639342DF1A2A0B3A1084B1003BC57BFA290B
                                          SHA-512:371C7A17880F4A4ECC8E8FED1F1E52950AA0469B03F68C24B0E1FAF1E0F3DE1BB63752FCD567B764F9775A517D6E85C2B410F7BAF882850D7C05C152362B7A8D
                                          Malicious:false
                                          Reputation:low
                                          Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.649617276894897e+12,"network":1.64958488e+12,"ticks":117867950.0,"uncertainty":7927673.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"displ
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines, with no line terminators
                                          Category:dropped
                                          Size (bytes):200470
                                          Entropy (8bit):6.074116217705395
                                          Encrypted:false
                                          SSDEEP:6144:7vY0ITYHLWirBp8b61ZZn0aqfIlUOoSiuRN:7AorWiNDZToy
                                          MD5:45F75D4F20E8B7FAA32F46832D82DE61
                                          SHA1:EA9342D2A7FE8487702F4430EC816A05C685E277
                                          SHA-256:90C299BD103DE09A00DB1AAA2BA164518F4882CEC825B52FB46E171EC9087A15
                                          SHA-512:509EDF8533FC34C73387D4A56595ECC4206910CC3CFEE5D8A717AE0EB5C4DDCC15C514FA87A36746890667DDEA1D5960AFA2EF99188FAA3B9CF2F692B4202700
                                          Malicious:false
                                          Reputation:low
                                          Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.649617276894897e+12,"network":1.64958488e+12,"ticks":117867950.0,"uncertainty":7927673.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639299320"},"plugins":{"metadata":{"adobe-flash-player":{"displ
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:data
                                          Category:modified
                                          Size (bytes):95428
                                          Entropy (8bit):3.7504438368914554
                                          Encrypted:false
                                          SSDEEP:384:NMKkrzxuQF6htV6Q3yNXr0vDJ3EDBwHpAGY3rC9Hjx09958rG7mmys+JX3PwO9lm:uUeKF9Ktc4UerLdNoHnuZK7JHxw
                                          MD5:B58E9AFA00429BDEBCDAF903F641426D
                                          SHA1:9AC5FB26165824E33EACEE349916EB50D93FA455
                                          SHA-256:FE44BAC38570897405F1BC5807C19D64E9EC28D1814AE5B38FCEBA52C9BB288C
                                          SHA-512:11E37978863FA8495BF222D19F6E18A3071CBFA8709F216E583CD53BD38EBDBDF193F6BBB31A27AFE5D509609F86FF2EA644B26E53BBBD9DFA5E94E92DE36055
                                          Malicious:false
                                          Reputation:low
                                          Preview:.t..............*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6...*...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....Y8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):40
                                          Entropy (8bit):3.254162526001658
                                          Encrypted:false
                                          SSDEEP:3:FkXft0xE1n:+ftIE1n
                                          MD5:BD4642AD6C750A12D912B20BCB92E14D
                                          SHA1:C549F0F48FDD4FBC62E51AC26D7E185160CE2123
                                          SHA-256:4FD71FE78DFE203137C89C9FB0734358FF432F2BC83338112DC7B830F9B30F2C
                                          SHA-512:04410D12EF327614C3AF1251C9906BFEB2977211A7F53CBB08A8C01F9465A382CD001E51AB936A0D196D359F1DECDDAEAF5E7D1DBD49CE5F4FF91BF5C332B6CF
                                          Malicious:false
                                          Reputation:low
                                          Preview:sdPC....................s}.....M..2.!..%
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines, with no line terminators
                                          Category:dropped
                                          Size (bytes):5193
                                          Entropy (8bit):4.990733547078723
                                          Encrypted:false
                                          SSDEEP:96:nMCnqX1pcKI+VLk0JCKL8Tk7j3bOTQVuwn:nMC01pc84KKk7/
                                          MD5:89269734DFF3AB2DE4B80EB1C56A2C52
                                          SHA1:F403098FD87E1D1009154ADDC3FDBF6AB63EFB8D
                                          SHA-256:AA9000E2BC7E614A28966A1637DE5EBCBED9C78921272E3352A3055F7CB47412
                                          SHA-512:5D0EFD567DBA11AAC5853DF35001B474E2642BA453FBC4410879D0A23EFCB225A4A69C993D3B445482B82B049E5E816E13FEE5FC90903246CB92A832899B6E05
                                          Malicious:false
                                          Reputation:low
                                          Preview:{"account_id_migration_state":2,"account_tracker_service_last_update":"13294090873393869","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                          Category:dropped
                                          Size (bytes):17357
                                          Entropy (8bit):5.57144910352171
                                          Encrypted:false
                                          SSDEEP:384:+DWtpLl+mXC1kXqKf/pUZNCgVLH2HfD7rU4ze8g4l:NLlvC1kXqKf/pUZNCgVLH2HfnrUggG
                                          MD5:C98286945B551E4921540B7D2DA048B6
                                          SHA1:6EA74B8AA684B4139E41BEA51CFD9820CC65A985
                                          SHA-256:078C727B5525DFC5A70FAC73FE50EE03AC6D09A857EBCDF46A12905223369CDD
                                          SHA-512:A7961ACBAC62E76DFBD5EBF12713F36BBED2D957337C5275AEB02689354DBB48A0A7C6B8D4D5FF5CA6C008CB56E3BC3883437EF116D42031A219C647FC8BB4C6
                                          Malicious:false
                                          Reputation:low
                                          Preview:{"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13294090872674354","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_i
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:very short file (no magic)
                                          Category:dropped
                                          Size (bytes):1
                                          Entropy (8bit):0.0
                                          Encrypted:false
                                          SSDEEP:3:L:L
                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                          Malicious:false
                                          Reputation:low
                                          Preview:.
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines, with no line terminators
                                          Category:dropped
                                          Size (bytes):5081
                                          Entropy (8bit):4.980759176734017
                                          Encrypted:false
                                          SSDEEP:48:YcaUklSLklwHjZqA8iqTlYqlQuoTw0wJH3CH3G/s8C1Nfct/9BhUJo3KhmeSnpdo:nMCiX1pcV+Lok0JCKL8dk51XbOTQVuwn
                                          MD5:0E4CAA9F756B3AFC9A59D531A1D93CEB
                                          SHA1:CFA34F6F4914C16C7B10899665C07ED63B2A6A48
                                          SHA-256:AAA3669A3F559D6A49AA44FB3C006FD2FC39703744F32FB0A802A347ACB7BC90
                                          SHA-512:D747AEB6E4E99D27AF44C2C7CBDB4C864A1AD4DA64BF20CB641653E93CF8EA4964AA0EFF54472C9ED40F17F26D5B03F263AE6C7242875651D328FBE54A316149
                                          Malicious:false
                                          Reputation:low
                                          Preview:{"account_id_migration_state":2,"account_tracker_service_last_update":"13294090873393869","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines, with no line terminators
                                          Category:dropped
                                          Size (bytes):5081
                                          Entropy (8bit):4.980908732694836
                                          Encrypted:false
                                          SSDEEP:48:YcaUklSLklwHjZqA8iqTlYqlQuoTw0wJH3CH3G/s8Z1Nfct/9BhUJo3KhmeSnpdo:nMCiX1pcV+LLk0JCKL8dk51XbOTQVuwn
                                          MD5:244A96A4D727A8760DD38A9AD69C05AD
                                          SHA1:C951394C6A0D4A6AB062F880B74A71B74D56F8BB
                                          SHA-256:04915D3538A14C710C376CD894C23B7D329BBB0AA1EDF339479BADB8AB4B8D2D
                                          SHA-512:E985BEFCE71BEE97594393ABA6A4B9C6609302048A618A3D8D79986A9CD85F57B1D72D937297F73216DD6EEFD02CBA7342897C3539D2E64F08485DE6CE7D9B41
                                          Malicious:false
                                          Reputation:low
                                          Preview:{"account_id_migration_state":2,"account_tracker_service_last_update":"13294090873393869","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines, with no line terminators
                                          Category:dropped
                                          Size (bytes):5142
                                          Entropy (8bit):4.981809346870332
                                          Encrypted:false
                                          SSDEEP:48:YcaUklSLklwHjaqAgiqTlYqlQuoTw0wJH3CH3O/s8Z1Nfct/9BhUJo3KhmeSnpdo:nMCZX1pcV+VLk0JCKL8dk51XbOTQVuwn
                                          MD5:B6072FF407B250949C01D920C7F64545
                                          SHA1:6043A7A21BF602E078CDB8BF8BAECB2DC9FEB3CA
                                          SHA-256:51EE5C20F421AD9B5A71D1F001033EBE5F0A0F83E5A606BCBB68E0C2C9CF924B
                                          SHA-512:9410644DB581E3ADA685C970802FAE234AB2B1BFD0ADCEF23A02B1FE30C8E8C64314FB7B55B05633C4FB2A809E823A55E380F3CD04DB384C1469C530A0F3AD26
                                          Malicious:false
                                          Reputation:low
                                          Preview:{"account_id_migration_state":2,"account_tracker_service_last_update":"13294090873393869","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):38
                                          Entropy (8bit):1.8784775129881184
                                          Encrypted:false
                                          SSDEEP:3:FQxlXNQxlX:qTCT
                                          MD5:51A2CBB807F5085530DEC18E45CB8569
                                          SHA1:7AD88CD3DE5844C7FC269C4500228A630016AB5B
                                          SHA-256:1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
                                          SHA-512:B643A8FA75EDA90C89AB98F79D4D022BB81F1F62F50ED4E5440F487F22D1163671EC3AE73C4742C11830214173FF2935C785018318F4A4CAD413AE4EEEF985DF
                                          Malicious:false
                                          Reputation:low
                                          Preview:.f.5................f.5...............
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):372
                                          Entropy (8bit):5.24462261734863
                                          Encrypted:false
                                          SSDEEP:6:IFIq2PWXp+N23iKKdK25+Xqx8chI+IFUtqV0ZmwYV0kwOWXp+N23iKKdK25+Xqx7:Zva5KkTXfchI3FUtF/15f5KkTXfch1J
                                          MD5:C2683EF6BDB105D67F5CD46F0B99589D
                                          SHA1:84CFF8AB76B0FE15882511DE477CE54E8D2AAC41
                                          SHA-256:701CE4CB1D1D2981B96BF943E80FB3FD6A123F189443B34D1544EF28917066C6
                                          SHA-512:5084559FCD402E408BAE6B519A54053966A7575BDB94723FC67C3BF944E29B109B5E3DAEEEA9052901FEA09724363D1037253564F6CAD80FD9CC4950652FB144
                                          Malicious:false
                                          Reputation:low
Preview:
2022/04/10-12:01:56.482 11d0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001
2022/04/10-12:01:56.483 11d0 Recovering log #3
2022/04/10-12:01:56.483 11d0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines, with no line terminators
                                          Category:dropped
                                          Size (bytes):4219
                                          Entropy (8bit):4.871684703914691
                                          Encrypted:false
                                          SSDEEP:48:YXsJjMH+5s7YMHBKsvxMHVzspxMHbsIHt/soBDysKqnsllzMHpDCLsWJMHLsNuMg:RG+ZGJG+GTTD7IGpD+G7Gp2GnG4GVhH
                                          MD5:EDC4A4E22003A711AEF67FAED28DB603
                                          SHA1:977E551B9ED5F60D018C030B0B4AA2E33B954556
                                          SHA-256:DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453
                                          SHA-512:84D3930579FD73C7D86144D5CDC636436955BA79759273C740D2D72BC4847F2F7F165BBCA3EB2E4DFB01777D6A5F141623278C1BF74615C5A491092CE3FD1602
                                          Malicious:false
                                          Reputation:low
                                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248543677350473","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543677350474","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31344},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31656},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501454993","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501454994","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39369},"server":"https://www.googleapis.com","supports_spdy":true},
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):270336
                                          Entropy (8bit):0.0012471779557650352
                                          Encrypted:false
                                          SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                          MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                          Malicious:false
                                          Reputation:low
                                          Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines, with no line terminators
                                          Category:dropped
                                          Size (bytes):420
                                          Entropy (8bit):4.985305467053914
                                          Encrypted:false
                                          SSDEEP:6:YHpoNXR8+eq7JdV5qQlsDHF4xj70PpqQEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3Ky:YHO8sdBsB6MAsBdLJlyH7E4f3K33y
                                          MD5:C401B619D9D8E0ADABC25A47EE49CFBA
                                          SHA1:C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA
                                          SHA-256:8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F
                                          SHA-512:BC12F16CB95CB0AD708C6BBD005EF863A8552613E612F1084086E0F8262752E1B5144D044F0D141CE8462CC33343C36B517A5CC778751680485D8F88FB51B862
                                          Malicious:false
                                          Reputation:low
                                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543490879170","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543490879171","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines, with no line terminators
                                          Category:dropped
                                          Size (bytes):4219
                                          Entropy (8bit):4.871684703914691
                                          Encrypted:false
                                          SSDEEP:48:YXsJjMH+5s7YMHBKsvxMHVzspxMHbsIHt/soBDysKqnsllzMHpDCLsWJMHLsNuMg:RG+ZGJG+GTTD7IGpD+G7Gp2GnG4GVhH
                                          MD5:EDC4A4E22003A711AEF67FAED28DB603
                                          SHA1:977E551B9ED5F60D018C030B0B4AA2E33B954556
                                          SHA-256:DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453
                                          SHA-512:84D3930579FD73C7D86144D5CDC636436955BA79759273C740D2D72BC4847F2F7F165BBCA3EB2E4DFB01777D6A5F141623278C1BF74615C5A491092CE3FD1602
                                          Malicious:false
                                          Reputation:low
                                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248543677350473","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543677350474","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31344},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31656},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501454993","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501454994","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39369},"server":"https://www.googleapis.com","supports_spdy":true},
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text
                                          Category:dropped
                                          Size (bytes):16
                                          Entropy (8bit):3.2743974703476995
                                          Encrypted:false
                                          SSDEEP:3:1sjgWIV//Rv:1qIFJ
                                          MD5:6752A1D65B201C13B62EA44016EB221F
                                          SHA1:58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
                                          SHA-256:0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
                                          SHA-512:9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
                                          Malicious:false
                                          Reputation:low
                                          Preview:MANIFEST-000004.
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                          Category:dropped
                                          Size (bytes):17356
                                          Entropy (8bit):5.571331592402148
                                          Encrypted:false
                                          SSDEEP:384:+DWtwLl+mXC1kXqKf/pUZNCgVLH2HfD7rU4Ke8g4oU:cLlvC1kXqKf/pUZNCgVLH2HfnrUhgu
                                          MD5:6A4B823C522F3B626013813FB4C02E1D
                                          SHA1:5CCCD7E54CFF405FE2D7551F3B362E29A70C32C5
                                          SHA-256:B6B17CF9C9D6F99FF20E84E72249694F8B3AB1B59C8A55453070B6AB5DEE4086
                                          SHA-512:C66EBF541BACC2D73D4F3A7D580BA3C711673FAD78F77F31ADA57393110D2071EF1FF2CB2978D79094A80A04D9E050E4C64FE4E6A14E5FBDF7350FA9FFDB737F
                                          Malicious:false
                                          Reputation:low
                                          Preview:{"download":{"always_open_pdf_externally":true,"directory_upgrade":true,"extensions_to_open":"pdf:doc:docx:docxm:docm:xls:xlsx:xlsxm:xlsm:ppt:pptx:pptxm:pptm:mht:rtf:pub:vsd:mpp:mdb:dot:dotm:xlsb:xll:hwp:show:cell:hwpx:hwt:jtd:zip:iso:7z:rar:tar:vbs:js:jse:vbe:exe:html:htm:xhtml:tbz2:lz"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13294090872674354","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_i
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):106
                                          Entropy (8bit):3.138546519832722
                                          Encrypted:false
                                          SSDEEP:3:tbloIlrJ5ldQxl7aXVdJiG6R0RlAl:tbdlrnQxZaHIGi0R6l
                                          MD5:DE9EF0C5BCC012A3A1131988DEE272D8
                                          SHA1:FA9CCBDC969AC9E1474FCE773234B28D50951CD8
                                          SHA-256:3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
                                          SHA-512:CEA946EBEADFE6BE65E33EDFF6C68953A84EC2E2410884E12F406CAC1E6C8A0793180433A7EF7CE097B24EA78A1FDBB4E3B3D9CDF1A827AB6FF5605DA3691724
                                          Malicious:false
                                          Reputation:low
                                          Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with no line terminators
                                          Category:dropped
                                          Size (bytes):13
                                          Entropy (8bit):2.8150724101159437
                                          Encrypted:false
                                          SSDEEP:3:Yx7:4
                                          MD5:C422F72BA41F662A919ED0B70E5C3289
                                          SHA1:AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632
                                          SHA-256:02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
                                          SHA-512:86010ED2B2EEBDCC5A8A076B37703669C294C6D1BFAAEA963E26A9C94B81B4C53EC765D9425E5B616159C43923F800A891F9B903659575DF02F8845521F8DC46
                                          Malicious:false
                                          Reputation:low
                                          Preview:85.0.4183.121
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines, with no line terminators
                                          Category:dropped
                                          Size (bytes):191989
                                          Entropy (8bit):6.045029479013978
                                          Encrypted:false
                                          SSDEEP:3072:eiVIGfa0Bes9TY2QDDXLlsiRNm+a6p389FZ61Phh/neFcbXafIB0u1GOJmA3iuRN:UY0ITYHLWirBp8b61ZZn0aqfIlUOoSi8
                                          MD5:D311A5508725859A7F714F2A68E7661C
                                          SHA1:6359909F91520F3A53B8A76062E9F0C5D88150E8
                                          SHA-256:405CC575426FF5BF5346F6C9F4E2473BA9F569536431F673B1C9E0FA4D1FAD32
                                          SHA-512:BA17EFB1959D170CA97BD2F491D1110424232F5A6C626903E0E83CA7296C1186DC27BDB05EE1907827DAF0F8637FD3BEFD15F96967D86D84F7D5A1B481831168
                                          Malicious:false
                                          Reputation:low
                                          Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.649617276894897e+12,"network":1.64958488e+12,"ticks":117867950.0,"uncertainty":7927673.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639299320"},"plugins":{"metadata":{"adobe-flash-player":{"displ
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):95428
                                          Entropy (8bit):3.7504438368914554
                                          Encrypted:false
                                          SSDEEP:384:NMKkrzxuQF6htV6Q3yNXr0vDJ3EDBwHpAGY3rC9Hjx09958rG7mmys+JX3PwO9lm:uUeKF9Ktc4UerLdNoHnuZK7JHxw
                                          MD5:B58E9AFA00429BDEBCDAF903F641426D
                                          SHA1:9AC5FB26165824E33EACEE349916EB50D93FA455
                                          SHA-256:FE44BAC38570897405F1BC5807C19D64E9EC28D1814AE5B38FCEBA52C9BB288C
                                          SHA-512:11E37978863FA8495BF222D19F6E18A3071CBFA8709F216E583CD53BD38EBDBDF193F6BBB31A27AFE5D509609F86FF2EA644B26E53BBBD9DFA5E94E92DE36055
                                          Malicious:false
                                          Reputation:low
                                          Preview:.t..............*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6...*...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....Y8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines, with no line terminators
                                          Category:dropped
                                          Size (bytes):191989
                                          Entropy (8bit):6.045029479013978
                                          Encrypted:false
                                          SSDEEP:3072:eiVIGfa0Bes9TY2QDDXLlsiRNm+a6p389FZ61Phh/neFcbXafIB0u1GOJmA3iuRN:UY0ITYHLWirBp8b61ZZn0aqfIlUOoSi8
                                          MD5:D311A5508725859A7F714F2A68E7661C
                                          SHA1:6359909F91520F3A53B8A76062E9F0C5D88150E8
                                          SHA-256:405CC575426FF5BF5346F6C9F4E2473BA9F569536431F673B1C9E0FA4D1FAD32
                                          SHA-512:BA17EFB1959D170CA97BD2F491D1110424232F5A6C626903E0E83CA7296C1186DC27BDB05EE1907827DAF0F8637FD3BEFD15F96967D86D84F7D5A1B481831168
                                          Malicious:false
                                          Reputation:low
                                          Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.649617276894897e+12,"network":1.64958488e+12,"ticks":117867950.0,"uncertainty":7927673.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639299320"},"plugins":{"metadata":{"adobe-flash-player":{"displ
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:SysEx File -
                                          Category:dropped
                                          Size (bytes):94708
                                          Entropy (8bit):3.750472402451249
                                          Encrypted:false
                                          SSDEEP:384:dMKkrzxuQF6htV6Q3yNXr0vDJ3EDBwHpAGY3rC9Hjx09958rG7mmx+JX3PwO9l/4:+UeKF9Ktg4UerLdNoHnuZK7JHxC
                                          MD5:D66DC943533E7B5A225042136CC7B56F
                                          SHA1:778AF88EFED14A1E6B5E5F49C90633E48660345F
                                          SHA-256:B56BE8B3D225CC16079D1F770FAF60819823E53B8331D4DFC0DDB084A7E4F8D8
                                          SHA-512:9C20FB2C5B53915124B9FBF701C4ACD6089C8229999ECDD72817D4381C4F6753437C0F29176CFB68CF06C7DAC8E56A181FA0724CB097C2160094D0E1567D0044
                                          Malicious:false
                                          Reputation:low
                                          Preview:.q..............*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6...*...M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....Y8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines, with no line terminators
                                          Category:dropped
                                          Size (bytes):200471
                                          Entropy (8bit):6.074116040986055
                                          Encrypted:false
                                          SSDEEP:6144:MxY0ITYHLWirBp8b61ZZn0aqfIlUOoSiuRN:MKorWiNDZToy
                                          MD5:09951EFD56FDACA8C73FBDAFB0E6EEB3
                                          SHA1:FF2FE88F277689625487D79BC5FD781A01452558
                                          SHA-256:895C83B221ABE6662C31353950267774BCBB710D6D8A64ECA8D5032F9AB37A2A
                                          SHA-512:74840548842DD82BDA4AC8060267CB09684A21CD8D743526241C555EF04E6C3FA8662461F4C466E980321301432BBEE74F9C46DA4F6A8D05B9C1D8D4437DD78B
                                          Malicious:false
                                          Reputation:low
                                          Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.649617276894897e+12,"network":1.64958488e+12,"ticks":117867950.0,"uncertainty":7927673.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13291230639299320"},"plugins":{"metadata":{"adobe-flash-player":{"displ
                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          File Type:ASCII text, with very long lines, with no line terminators
                                          Category:dropped
                                          Size (bytes):200470
                                          Entropy (8bit):6.074118347401326
                                          Encrypted:false
                                          SSDEEP:6144:IMY0ITYHLWirBp8b61ZZn0aqfIlUOoSiuRN:IDorWiNDZToy
                                          MD5:ECD304BF84E688E02F3727D7AB7DBB1C
                                          SHA1:EEAC6212A753F8DE54F4DCB9291CE02D5C5ED5C6
                                          SHA-256:145C2FF682CCA7D03B2AD554F74D639342DF1A2A0B3A1084B1003BC57BFA290B
                                          SHA-512:371C7A17880F4A4ECC8E8FED1F1E52950AA0469B03F68C24B0E1FAF1E0F3DE1BB63752FCD567B764F9775A517D6E85C2B410F7BAF882850D7C05C152362B7A8D
                                          Malicious:false
                                          Reputation:low
                                          Preview:{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.649617276894897e+12,"network":1.64958488e+12,"ticks":117867950.0,"uncertainty":7927673.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"displ
                                          No static file info
                                           Timestamp                 Protocol  SID   Message                         Source Port  Dest Port  Source IP        Dest IP
                                           04/10/22-12:01:17.964179  TCP       1201  ATTACK-RESPONSES 403 Forbidden  80           49723      162.159.129.233  192.168.2.3
                                           04/10/22-12:01:48.781267  TCP       1201  ATTACK-RESPONSES 403 Forbidden  80           49722      162.159.129.233  192.168.2.3
Timestamp                             Source Port  Dest Port  Source IP         Dest IP
Apr 10, 2022 12:01:14.894160032 CEST  49722        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:14.895087004 CEST  49723        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:14.959307909 CEST  49724        443        192.168.2.3       142.250.185.77
Apr 10, 2022 12:01:14.959356070 CEST  443          49724      142.250.185.77    192.168.2.3
Apr 10, 2022 12:01:14.959625959 CEST  49724        443        192.168.2.3       142.250.185.77
Apr 10, 2022 12:01:14.961220026 CEST  49724        443        192.168.2.3       142.250.185.77
Apr 10, 2022 12:01:14.961246967 CEST  443          49724      142.250.185.77    192.168.2.3
Apr 10, 2022 12:01:15.146372080 CEST  49725        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:17.895245075 CEST  49722        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:17.898211002 CEST  49723        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:17.927191973 CEST  80           49722      162.159.129.233   192.168.2.3
Apr 10, 2022 12:01:17.927208900 CEST  80           49723      162.159.129.233   192.168.2.3
Apr 10, 2022 12:01:17.927345037 CEST  49722        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:17.927345991 CEST  49723        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:17.930602074 CEST  49723        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:17.964157104 CEST  80           49723      162.159.129.233   192.168.2.3
Apr 10, 2022 12:01:17.964179039 CEST  80           49723      162.159.129.233   192.168.2.3
Apr 10, 2022 12:01:17.964194059 CEST  80           49723      162.159.129.233   192.168.2.3
Apr 10, 2022 12:01:17.964205980 CEST  80           49723      162.159.129.233   192.168.2.3
Apr 10, 2022 12:01:17.964216948 CEST  80           49723      162.159.129.233   192.168.2.3
Apr 10, 2022 12:01:17.964320898 CEST  49723        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:17.964358091 CEST  49723        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:17.965979099 CEST  49723        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:18.046508074 CEST  49722        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:18.071628094 CEST  80           49722      162.159.129.233   192.168.2.3
Apr 10, 2022 12:01:18.071647882 CEST  80           49722      162.159.129.233   192.168.2.3
Apr 10, 2022 12:01:18.071664095 CEST  80           49722      162.159.129.233   192.168.2.3
Apr 10, 2022 12:01:18.071676016 CEST  80           49722      162.159.129.233   192.168.2.3
Apr 10, 2022 12:01:18.071748018 CEST  49722        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:18.084945917 CEST  49731        443        192.168.2.3       172.64.151.10
Apr 10, 2022 12:01:18.085005999 CEST  443          49731      172.64.151.10     192.168.2.3
Apr 10, 2022 12:01:18.085124969 CEST  49731        443        192.168.2.3       172.64.151.10
Apr 10, 2022 12:01:18.086509943 CEST  49731        443        192.168.2.3       172.64.151.10
Apr 10, 2022 12:01:18.086564064 CEST  443          49731      172.64.151.10     192.168.2.3
Apr 10, 2022 12:01:18.113225937 CEST  49722        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:18.147212029 CEST  49725        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:18.267220020 CEST  49723        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:18.867521048 CEST  49723        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:19.018088102 CEST  49732        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:19.018126011 CEST  443          49732      142.250.186.46    192.168.2.3
Apr 10, 2022 12:01:19.018260002 CEST  49732        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:19.018948078 CEST  49732        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:19.018973112 CEST  443          49732      142.250.186.46    192.168.2.3
Apr 10, 2022 12:01:19.054711103 CEST  443          49731      172.64.151.10     192.168.2.3
Apr 10, 2022 12:01:19.060554028 CEST  49731        443        192.168.2.3       172.64.151.10
Apr 10, 2022 12:01:19.060599089 CEST  443          49731      172.64.151.10     192.168.2.3
Apr 10, 2022 12:01:19.062568903 CEST  443          49731      172.64.151.10     192.168.2.3
Apr 10, 2022 12:01:19.062669992 CEST  49731        443        192.168.2.3       172.64.151.10
Apr 10, 2022 12:01:19.305084944 CEST  49731        443        192.168.2.3       172.64.151.10
Apr 10, 2022 12:01:19.305366039 CEST  49731        443        192.168.2.3       172.64.151.10
Apr 10, 2022 12:01:19.305466890 CEST  443          49731      172.64.151.10     192.168.2.3
Apr 10, 2022 12:01:19.346643925 CEST  49731        443        192.168.2.3       172.64.151.10
Apr 10, 2022 12:01:19.346688032 CEST  443          49731      172.64.151.10     192.168.2.3
Apr 10, 2022 12:01:19.387816906 CEST  49731        443        192.168.2.3       172.64.151.10
Apr 10, 2022 12:01:20.068571091 CEST  49723        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:20.087727070 CEST  80           49723      162.159.129.233   192.168.2.3
Apr 10, 2022 12:01:24.154849052 CEST  49725        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:24.179279089 CEST  80           49725      162.159.129.233   192.168.2.3
Apr 10, 2022 12:01:24.179356098 CEST  49725        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:25.205902100 CEST  80           49725      162.159.129.233   192.168.2.3
Apr 10, 2022 12:01:25.206046104 CEST  49725        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:44.965186119 CEST  49724        443        192.168.2.3       142.250.185.77
Apr 10, 2022 12:01:45.006217957 CEST  443          49724      142.250.185.77    192.168.2.3
Apr 10, 2022 12:01:46.043076992 CEST  49725        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:46.043539047 CEST  49756        443        192.168.2.3       142.250.185.77
Apr 10, 2022 12:01:46.043581009 CEST  443          49756      142.250.185.77    192.168.2.3
Apr 10, 2022 12:01:46.043677092 CEST  49756        443        192.168.2.3       142.250.185.77
Apr 10, 2022 12:01:46.045615911 CEST  49756        443        192.168.2.3       142.250.185.77
Apr 10, 2022 12:01:46.045638084 CEST  443          49756      142.250.185.77    192.168.2.3
Apr 10, 2022 12:01:47.131278992 CEST  443          49731      172.64.151.10     192.168.2.3
Apr 10, 2022 12:01:47.131422043 CEST  443          49731      172.64.151.10     192.168.2.3
Apr 10, 2022 12:01:47.131628036 CEST  49731        443        192.168.2.3       172.64.151.10
Apr 10, 2022 12:01:47.132474899 CEST  49731        443        192.168.2.3       172.64.151.10
Apr 10, 2022 12:01:47.132505894 CEST  443          49731      172.64.151.10     192.168.2.3
Apr 10, 2022 12:01:47.236563921 CEST  49722        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:47.654339075 CEST  49722        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:47.974715948 CEST  49722        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:48.753741980 CEST  49722        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:48.781248093 CEST  80           49722      162.159.129.233   192.168.2.3
Apr 10, 2022 12:01:48.781266928 CEST  80           49722      162.159.129.233   192.168.2.3
Apr 10, 2022 12:01:48.781281948 CEST  80           49722      162.159.129.233   192.168.2.3
Apr 10, 2022 12:01:48.781292915 CEST  80           49722      162.159.129.233   192.168.2.3
Apr 10, 2022 12:01:48.781305075 CEST  80           49722      162.159.129.233   192.168.2.3
Apr 10, 2022 12:01:48.781413078 CEST  49722        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:48.785425901 CEST  49722        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:48.860466957 CEST  80           49722      162.159.129.233   192.168.2.3
Apr 10, 2022 12:01:48.860579967 CEST  49722        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:49.035206079 CEST  49732        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:49.078203917 CEST  443          49732      142.250.186.46    192.168.2.3
Apr 10, 2022 12:01:49.097733974 CEST  49725        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:50.986346006 CEST  49763        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:50.986411095 CEST  443          49763      142.250.186.46    192.168.2.3
Apr 10, 2022 12:01:50.986525059 CEST  49763        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:50.987045050 CEST  49763        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:50.987066031 CEST  443          49763      142.250.186.46    192.168.2.3
Apr 10, 2022 12:01:51.051266909 CEST  443          49763      142.250.186.46    192.168.2.3
Apr 10, 2022 12:01:51.091492891 CEST  49763        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:51.091553926 CEST  443          49763      142.250.186.46    192.168.2.3
Apr 10, 2022 12:01:51.092518091 CEST  443          49763      142.250.186.46    192.168.2.3
Apr 10, 2022 12:01:51.092540979 CEST  443          49763      142.250.186.46    192.168.2.3
Apr 10, 2022 12:01:51.092660904 CEST  49763        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:51.094702959 CEST  443          49763      142.250.186.46    192.168.2.3
Apr 10, 2022 12:01:51.094794035 CEST  49763        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:51.094813108 CEST  443          49763      142.250.186.46    192.168.2.3
Apr 10, 2022 12:01:51.099940062 CEST  49763        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:51.099987984 CEST  49763        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:51.100006104 CEST  443          49763      142.250.186.46    192.168.2.3
Apr 10, 2022 12:01:51.100178957 CEST  443          49763      142.250.186.46    192.168.2.3
Apr 10, 2022 12:01:51.125332117 CEST  49722        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:51.141007900 CEST  49763        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:51.141047001 CEST  443          49763      142.250.186.46    192.168.2.3
Apr 10, 2022 12:01:51.178462982 CEST  80           49722      162.159.129.233   192.168.2.3
Apr 10, 2022 12:01:51.187877893 CEST  49763        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:51.600776911 CEST  443          49763      142.250.186.46    192.168.2.3
Apr 10, 2022 12:01:51.601181030 CEST  443          49763      142.250.186.46    192.168.2.3
Apr 10, 2022 12:01:51.601305962 CEST  49763        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:51.812545061 CEST  49763        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:51.812593937 CEST  443          49763      142.250.186.46    192.168.2.3
Apr 10, 2022 12:01:52.484519005 CEST  49767        443        192.168.2.3       104.16.123.96
Apr 10, 2022 12:01:52.484555960 CEST  443          49767      104.16.123.96     192.168.2.3
Apr 10, 2022 12:01:52.484638929 CEST  49767        443        192.168.2.3       104.16.123.96
Apr 10, 2022 12:01:52.484900951 CEST  49767        443        192.168.2.3       104.16.123.96
Apr 10, 2022 12:01:52.484911919 CEST  443          49767      104.16.123.96     192.168.2.3
Apr 10, 2022 12:01:52.524730921 CEST  49769        443        192.168.2.3       104.16.123.96
Apr 10, 2022 12:01:52.524791002 CEST  443          49769      104.16.123.96     192.168.2.3
Apr 10, 2022 12:01:52.524883032 CEST  49769        443        192.168.2.3       104.16.123.96
Apr 10, 2022 12:01:52.525321960 CEST  49769        443        192.168.2.3       104.16.123.96
Apr 10, 2022 12:01:52.525346041 CEST  443          49769      104.16.123.96     192.168.2.3
Apr 10, 2022 12:01:52.564038038 CEST  443          49767      104.16.123.96     192.168.2.3
Apr 10, 2022 12:01:52.564340115 CEST  49767        443        192.168.2.3       104.16.123.96
Apr 10, 2022 12:01:52.564362049 CEST  443          49767      104.16.123.96     192.168.2.3
Apr 10, 2022 12:01:52.566098928 CEST  443          49767      104.16.123.96     192.168.2.3
Apr 10, 2022 12:01:52.566215992 CEST  49767        443        192.168.2.3       104.16.123.96
Apr 10, 2022 12:01:52.568933964 CEST  49767        443        192.168.2.3       104.16.123.96
Apr 10, 2022 12:01:52.569350958 CEST  443          49767      104.16.123.96     192.168.2.3
Apr 10, 2022 12:01:52.569894075 CEST  49767        443        192.168.2.3       104.16.123.96
Apr 10, 2022 12:01:52.569905043 CEST  443          49767      104.16.123.96     192.168.2.3
Apr 10, 2022 12:01:52.610418081 CEST  49767        443        192.168.2.3       104.16.123.96
Apr 10, 2022 12:01:55.167670012 CEST  49725        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:01:55.603307009 CEST  443          49769      104.16.123.96     192.168.2.3
Apr 10, 2022 12:01:55.603784084 CEST  49769        443        192.168.2.3       104.16.123.96
Apr 10, 2022 12:01:55.603832006 CEST  443          49769      104.16.123.96     192.168.2.3
Apr 10, 2022 12:01:55.605241060 CEST  443          49769      104.16.123.96     192.168.2.3
Apr 10, 2022 12:01:55.605353117 CEST  49769        443        192.168.2.3       104.16.123.96
Apr 10, 2022 12:01:55.607326984 CEST  49769        443        192.168.2.3       104.16.123.96
Apr 10, 2022 12:01:55.607530117 CEST  443          49769      104.16.123.96     192.168.2.3
Apr 10, 2022 12:01:55.733649969 CEST  49769        443        192.168.2.3       104.16.123.96
Apr 10, 2022 12:01:55.733679056 CEST  443          49769      104.16.123.96     192.168.2.3
Apr 10, 2022 12:01:55.773647070 CEST  49769        443        192.168.2.3       104.16.123.96
Apr 10, 2022 12:01:56.536526918 CEST  49782        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:56.536587954 CEST  443          49782      142.250.186.46    192.168.2.3
Apr 10, 2022 12:01:56.536715031 CEST  49782        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:56.537223101 CEST  49782        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:56.537242889 CEST  443          49782      142.250.186.46    192.168.2.3
Apr 10, 2022 12:02:05.852319956 CEST  49769        443        192.168.2.3       104.16.123.96
Apr 10, 2022 12:02:05.852632999 CEST  443          49769      104.16.123.96     192.168.2.3
Apr 10, 2022 12:02:05.852682114 CEST  443          49769      104.16.123.96     192.168.2.3
Apr 10, 2022 12:02:05.852725029 CEST  49769        443        192.168.2.3       104.16.123.96
Apr 10, 2022 12:02:05.852761984 CEST  49769        443        192.168.2.3       104.16.123.96
Apr 10, 2022 12:02:07.226892948 CEST  49725        80         192.168.2.3       162.159.129.233
Apr 10, 2022 12:02:07.274338007 CEST  80           49725      162.159.129.233   192.168.2.3
Apr 10, 2022 12:02:07.556335926 CEST  443          49767      104.16.123.96     192.168.2.3
Apr 10, 2022 12:02:07.556483030 CEST  443          49767      104.16.123.96     192.168.2.3
Apr 10, 2022 12:02:07.556595087 CEST  49767        443        192.168.2.3       104.16.123.96
Apr 10, 2022 12:02:07.561646938 CEST  49767        443        192.168.2.3       104.16.123.96
Apr 10, 2022 12:02:07.561675072 CEST  443          49767      104.16.123.96     192.168.2.3
Apr 10, 2022 12:02:11.075603008 CEST  49814        443        192.168.2.3       104.18.3.57
Apr 10, 2022 12:02:11.075659990 CEST  443          49814      104.18.3.57       192.168.2.3
Apr 10, 2022 12:02:11.075767994 CEST  49814        443        192.168.2.3       104.18.3.57
Apr 10, 2022 12:02:11.076292038 CEST  49814        443        192.168.2.3       104.18.3.57
Apr 10, 2022 12:02:11.076317072 CEST  443          49814      104.18.3.57       192.168.2.3
Apr 10, 2022 12:02:12.167604923 CEST  443          49814      104.18.3.57       192.168.2.3
Apr 10, 2022 12:02:12.170409918 CEST  49814        443        192.168.2.3       104.18.3.57
Apr 10, 2022 12:02:12.170533895 CEST  443          49814      104.18.3.57       192.168.2.3
Apr 10, 2022 12:02:12.171678066 CEST  443          49814      104.18.3.57       192.168.2.3
Apr 10, 2022 12:02:12.171798944 CEST  49814        443        192.168.2.3       104.18.3.57
Apr 10, 2022 12:02:12.175827026 CEST  49814        443        192.168.2.3       104.18.3.57
Apr 10, 2022 12:02:12.175959110 CEST  443          49814      104.18.3.57       192.168.2.3
Apr 10, 2022 12:02:12.175991058 CEST  49814        443        192.168.2.3       104.18.3.57
Apr 10, 2022 12:02:12.218180895 CEST  443          49814      104.18.3.57       192.168.2.3
Apr 10, 2022 12:02:12.219479084 CEST  49814        443        192.168.2.3       104.18.3.57
Apr 10, 2022 12:02:12.219499111 CEST  443          49814      104.18.3.57       192.168.2.3
Apr 10, 2022 12:02:12.266325951 CEST  49814        443        192.168.2.3       104.18.3.57
Apr 10, 2022 12:02:13.127110958 CEST  443          49814      104.18.3.57       192.168.2.3
Apr 10, 2022 12:02:13.172645092 CEST  49814        443        192.168.2.3       104.18.3.57
Apr 10, 2022 12:02:13.172683954 CEST  443          49814      104.18.3.57       192.168.2.3
Apr 10, 2022 12:02:13.173438072 CEST  49814        443        192.168.2.3       104.18.3.57
Apr 10, 2022 12:02:13.173858881 CEST  443          49814      104.18.3.57       192.168.2.3
Apr 10, 2022 12:02:13.173943996 CEST  443          49814      104.18.3.57       192.168.2.3
Apr 10, 2022 12:02:13.173948050 CEST  49814        443        192.168.2.3       104.18.3.57
Apr 10, 2022 12:02:13.174042940 CEST  49814        443        192.168.2.3       104.18.3.57
Apr 10, 2022 12:02:13.174716949 CEST  49820        443        192.168.2.3       104.18.3.57
Apr 10, 2022 12:02:13.174798965 CEST  443          49820      104.18.3.57       192.168.2.3
Apr 10, 2022 12:02:13.174905062 CEST  49820        443        192.168.2.3       104.18.3.57
Apr 10, 2022 12:02:13.175169945 CEST  49820        443        192.168.2.3       104.18.3.57
Apr 10, 2022 12:02:13.175200939 CEST  443          49820      104.18.3.57       192.168.2.3
Apr 10, 2022 12:02:13.763201952 CEST  49821        443        192.168.2.3       142.250.74.193
Apr 10, 2022 12:02:13.763271093 CEST  443          49821      142.250.74.193    192.168.2.3
Apr 10, 2022 12:02:13.763376951 CEST  49821        443        192.168.2.3       142.250.74.193
Apr 10, 2022 12:02:13.763607979 CEST  49821        443        192.168.2.3       142.250.74.193
Apr 10, 2022 12:02:13.763629913 CEST  443          49821      142.250.74.193    192.168.2.3
Apr 10, 2022 12:02:14.054574013 CEST  443          49821      142.250.74.193    192.168.2.3
Apr 10, 2022 12:02:14.110280037 CEST  49821        443        192.168.2.3       142.250.74.193
Apr 10, 2022 12:02:14.298438072 CEST  49821        443        192.168.2.3       142.250.74.193
Apr 10, 2022 12:02:14.298494101 CEST  443          49821      142.250.74.193    192.168.2.3
Apr 10, 2022 12:02:14.299474001 CEST  443          49821      142.250.74.193    192.168.2.3
Apr 10, 2022 12:02:14.299505949 CEST  443          49821      142.250.74.193    192.168.2.3
Apr 10, 2022 12:02:14.299582005 CEST  49821        443        192.168.2.3       142.250.74.193
Apr 10, 2022 12:02:14.301947117 CEST  443          49821      142.250.74.193    192.168.2.3
Apr 10, 2022 12:02:14.302067041 CEST  49821        443        192.168.2.3       142.250.74.193
Apr 10, 2022 12:02:14.302114010 CEST  443          49821      142.250.74.193    192.168.2.3
Apr 10, 2022 12:02:14.304775953 CEST  49821        443        192.168.2.3       142.250.74.193
Apr 10, 2022 12:02:14.304912090 CEST  49821        443        192.168.2.3       142.250.74.193
Apr 10, 2022 12:02:14.304925919 CEST  443          49821      142.250.74.193    192.168.2.3
Apr 10, 2022 12:02:14.305005074 CEST  443          49821      142.250.74.193    192.168.2.3
Apr 10, 2022 12:02:14.344852924 CEST  49821        443        192.168.2.3       142.250.74.193
Apr 10, 2022 12:02:14.344892025 CEST  443          49821      142.250.74.193    192.168.2.3
Apr 10, 2022 12:02:14.407166004 CEST  49821        443        192.168.2.3       142.250.74.193
Apr 10, 2022 12:02:16.048417091 CEST  49756        443        192.168.2.3       142.250.185.77
Apr 10, 2022 12:02:16.090187073 CEST  443          49756      142.250.185.77    192.168.2.3
Apr 10, 2022 12:02:18.538897038 CEST  49829        443        192.168.2.3       142.250.185.77
Apr 10, 2022 12:02:18.538924932 CEST  443          49829      142.250.185.77    192.168.2.3
Apr 10, 2022 12:02:18.539767981 CEST  49829        443        192.168.2.3       142.250.185.77
Apr 10, 2022 12:02:18.540060997 CEST  49829        443        192.168.2.3       142.250.185.77
Apr 10, 2022 12:02:18.540074110 CEST  443          49829      142.250.185.77    192.168.2.3
Apr 10, 2022 12:02:19.079412937 CEST  443          49829      142.250.185.77    192.168.2.3
Apr 10, 2022 12:02:19.085546970 CEST  49829        443        192.168.2.3       142.250.185.77
Apr 10, 2022 12:02:19.085568905 CEST  443          49829      142.250.185.77    192.168.2.3
Apr 10, 2022 12:02:19.086941957 CEST  443          49829      142.250.185.77    192.168.2.3
Apr 10, 2022 12:02:19.087212086 CEST  49829        443        192.168.2.3       142.250.185.77
Apr 10, 2022 12:02:19.089570999 CEST  49829        443        192.168.2.3       142.250.185.77
Apr 10, 2022 12:02:19.089689016 CEST  443          49829      142.250.185.77    192.168.2.3
Apr 10, 2022 12:02:19.089782000 CEST  49829        443        192.168.2.3       142.250.185.77
Apr 10, 2022 12:02:19.134182930 CEST  443          49829      142.250.185.77    192.168.2.3
Apr 10, 2022 12:02:19.142066002 CEST  49829        443        192.168.2.3       142.250.185.77
Apr 10, 2022 12:02:19.142086983 CEST  443          49829      142.250.185.77    192.168.2.3
Apr 10, 2022 12:02:19.188838959 CEST  49829        443        192.168.2.3       142.250.185.77
Apr 10, 2022 12:02:21.035162926 CEST  443          49829      142.250.185.77    192.168.2.3
Apr 10, 2022 12:02:21.035507917 CEST  443          49829      142.250.185.77    192.168.2.3
Apr 10, 2022 12:02:21.037151098 CEST  49829        443        192.168.2.3       142.250.185.77
Apr 10, 2022 12:02:21.042109013 CEST  49829        443        192.168.2.3       142.250.185.77
Apr 10, 2022 12:02:21.042129040 CEST  443          49829      142.250.185.77    192.168.2.3
Apr 10, 2022 12:02:26.543417931 CEST  49782        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:02:26.590178967 CEST  443          49782      142.250.186.46    192.168.2.3
Apr 10, 2022 12:02:30.012592077 CEST  49724        443        192.168.2.3       142.250.185.77
Apr 10, 2022 12:02:30.012603045 CEST  443          49724      142.250.185.77    192.168.2.3
Apr 10, 2022 12:02:34.091056108 CEST  49732        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:02:34.091075897 CEST  443          49732      142.250.186.46    192.168.2.3
Apr 10, 2022 12:02:37.117562056 CEST  49840        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:02:37.117636919 CEST  443          49840      142.250.186.46    192.168.2.3
Apr 10, 2022 12:02:37.117784977 CEST  49840        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:02:37.118011951 CEST  49840        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:02:37.118036032 CEST  443          49840      142.250.186.46    192.168.2.3
Apr 10, 2022 12:02:43.180452108 CEST  49820        443        192.168.2.3       104.18.3.57
Apr 10, 2022 12:02:43.222178936 CEST  443          49820      104.18.3.57       192.168.2.3
Apr 10, 2022 12:02:59.353655100 CEST  49821        443        192.168.2.3       142.250.74.193
Apr 10, 2022 12:02:59.353707075 CEST  443          49821      142.250.74.193    192.168.2.3
Apr 10, 2022 12:03:01.260015965 CEST  49756        443        192.168.2.3       142.250.185.77
Apr 10, 2022 12:03:01.260046005 CEST  443          49756      142.250.185.77    192.168.2.3
Apr 10, 2022 12:03:05.509259939 CEST  443          49782      142.250.186.46    192.168.2.3
Apr 10, 2022 12:03:05.509464979 CEST  49782        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:03:07.167125940 CEST  49840        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:03:07.210199118 CEST  443          49840      142.250.186.46    192.168.2.3
Apr 10, 2022 12:03:08.571439981 CEST  443          49840      142.250.186.46    192.168.2.3
Apr 10, 2022 12:03:08.571628094 CEST  49840        443        192.168.2.3       142.250.186.46
Timestamp                             Source Port  Dest Port  Source IP         Dest IP
Apr 10, 2022 12:01:14.899271965 CEST  51391        53         192.168.2.3       8.8.8.8
Apr 10, 2022 12:01:14.903243065 CEST  58981        53         192.168.2.3       8.8.8.8
Apr 10, 2022 12:01:14.954231977 CEST  53           58981      8.8.8.8           192.168.2.3
Apr 10, 2022 12:01:15.924799919 CEST  51391        53         192.168.2.3       8.8.8.8
Apr 10, 2022 12:01:16.973804951 CEST  51391        53         192.168.2.3       8.8.8.8
Apr 10, 2022 12:01:18.051520109 CEST  63146        53         192.168.2.3       8.8.8.8
Apr 10, 2022 12:01:18.079900980 CEST  53           63146      8.8.8.8           192.168.2.3
Apr 10, 2022 12:01:18.248226881 CEST  52985        53         192.168.2.3       8.8.8.8
Apr 10, 2022 12:01:18.985183954 CEST  51391        53         192.168.2.3       8.8.8.8
Apr 10, 2022 12:01:19.015218973 CEST  53           51391      8.8.8.8           192.168.2.3
Apr 10, 2022 12:01:19.243798971 CEST  52985        53         192.168.2.3       8.8.8.8
Apr 10, 2022 12:01:20.272061110 CEST  52985        53         192.168.2.3       8.8.8.8
Apr 10, 2022 12:01:22.324213982 CEST  52985        53         192.168.2.3       8.8.8.8
Apr 10, 2022 12:01:22.353442907 CEST  53           52985      8.8.8.8           192.168.2.3
Apr 10, 2022 12:01:56.234395981 CEST  49724        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:56.485811949 CEST  49724        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:56.786782026 CEST  49724        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:57.387403965 CEST  49724        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:01:58.589520931 CEST  49724        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:02:00.240115881 CEST  49724        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:02:08.989742041 CEST  50152        53         192.168.2.3       8.8.8.8
Apr 10, 2022 12:02:10.000998974 CEST  50152        53         192.168.2.3       8.8.8.8
Apr 10, 2022 12:02:11.032040119 CEST  50152        53         192.168.2.3       8.8.8.8
Apr 10, 2022 12:02:11.074040890 CEST  53           50152      8.8.8.8           192.168.2.3
Apr 10, 2022 12:02:13.698575020 CEST  56639        53         192.168.2.3       8.8.8.8
Apr 10, 2022 12:02:13.729248047 CEST  53           56639      8.8.8.8           192.168.2.3
Apr 10, 2022 12:02:18.505513906 CEST  54960        53         192.168.2.3       8.8.8.8
Apr 10, 2022 12:02:18.537638903 CEST  53           54960      8.8.8.8           192.168.2.3
Apr 10, 2022 12:02:28.463074923 CEST  61877        53         192.168.2.3       8.8.8.8
Apr 10, 2022 12:02:29.450437069 CEST  61877        53         192.168.2.3       8.8.8.8
Apr 10, 2022 12:02:30.466548920 CEST  61877        53         192.168.2.3       8.8.8.8
Apr 10, 2022 12:02:32.513552904 CEST  61877        53         192.168.2.3       8.8.8.8
Apr 10, 2022 12:02:36.593013048 CEST  61877        53         192.168.2.3       8.8.8.8
Apr 10, 2022 12:02:36.624443054 CEST  53           61877      8.8.8.8           192.168.2.3
Apr 10, 2022 12:02:36.795000076 CEST  61878        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:02:36.822443962 CEST  443          61878      142.250.186.46    192.168.2.3
Apr 10, 2022 12:02:36.890073061 CEST  61878        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:02:37.048820019 CEST  61878        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:02:37.149162054 CEST  443          61878      142.250.186.46    192.168.2.3
Apr 10, 2022 12:02:37.210912943 CEST  61878        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:02:37.384306908 CEST  61878        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:02:38.026624918 CEST  61878        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:02:39.164371967 CEST  61878        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:02:39.193717957 CEST  443          61878      142.250.186.46    192.168.2.3
Apr 10, 2022 12:02:39.193763018 CEST  443          61878      142.250.186.46    192.168.2.3
Apr 10, 2022 12:02:39.193779945 CEST  443          61878      142.250.186.46    192.168.2.3
Apr 10, 2022 12:02:39.193794966 CEST  443          61878      142.250.186.46    192.168.2.3
Apr 10, 2022 12:02:39.193810940 CEST  443          61878      142.250.186.46    192.168.2.3
Apr 10, 2022 12:02:39.194262028 CEST  61878        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:02:39.195111036 CEST  61878        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:02:39.204838037 CEST  61878        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:02:39.205193996 CEST  61878        443        192.168.2.3       142.250.186.46
Apr 10, 2022 12:02:39.225949049 CEST  443          61878      142.250.186.46    192.168.2.3
Apr 10, 2022 12:02:39.250238895 CEST  443          61878      142.250.186.46    192.168.2.3
Apr 10, 2022 12:02:39.250256062 CEST  443          61878      142.250.186.46    192.168.2.3
                                          Apr 10, 2022 12:02:39.250268936 CEST44361878142.250.186.46192.168.2.3
                                          Apr 10, 2022 12:02:39.250283957 CEST44361878142.250.186.46192.168.2.3
                                          Apr 10, 2022 12:02:39.250296116 CEST44361878142.250.186.46192.168.2.3
                                          Apr 10, 2022 12:02:39.250802994 CEST61878443192.168.2.3142.250.186.46
                                          Apr 10, 2022 12:02:39.250972033 CEST61878443192.168.2.3142.250.186.46
                                          Apr 10, 2022 12:02:39.277374029 CEST61878443192.168.2.3142.250.186.46
                                          Apr 10, 2022 12:02:39.403641939 CEST44361878142.250.186.46192.168.2.3
                                          Apr 10, 2022 12:02:39.430042982 CEST61878443192.168.2.3142.250.186.46
                                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                          Apr 10, 2022 12:01:14.899271965 CEST | 192.168.2.3 | 8.8.8.8 | 0x64fa | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:01:14.903243065 CEST | 192.168.2.3 | 8.8.8.8 | 0xe419 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:01:15.924799919 CEST | 192.168.2.3 | 8.8.8.8 | 0x64fa | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:01:16.973804951 CEST | 192.168.2.3 | 8.8.8.8 | 0x64fa | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:01:18.051520109 CEST | 192.168.2.3 | 8.8.8.8 | 0xa7fd | Standard query (0) | api.radar.cloudflare.com | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:01:18.248226881 CEST | 192.168.2.3 | 8.8.8.8 | 0xb37c | Standard query (0) | www.cloudflare.com | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:01:18.985183954 CEST | 192.168.2.3 | 8.8.8.8 | 0x64fa | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:01:19.243798971 CEST | 192.168.2.3 | 8.8.8.8 | 0xb37c | Standard query (0) | www.cloudflare.com | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:01:20.272061110 CEST | 192.168.2.3 | 8.8.8.8 | 0xb37c | Standard query (0) | www.cloudflare.com | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:01:22.324213982 CEST | 192.168.2.3 | 8.8.8.8 | 0xb37c | Standard query (0) | www.cloudflare.com | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:02:08.989742041 CEST | 192.168.2.3 | 8.8.8.8 | 0x6c61 | Standard query (0) | sparrow.cloudflare.com | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:02:10.000998974 CEST | 192.168.2.3 | 8.8.8.8 | 0x6c61 | Standard query (0) | sparrow.cloudflare.com | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:02:11.032040119 CEST | 192.168.2.3 | 8.8.8.8 | 0x6c61 | Standard query (0) | sparrow.cloudflare.com | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:02:13.698575020 CEST | 192.168.2.3 | 8.8.8.8 | 0x67a2 | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:02:18.505513906 CEST | 192.168.2.3 | 8.8.8.8 | 0xf528 | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:02:28.463074923 CEST | 192.168.2.3 | 8.8.8.8 | 0xd6c4 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:02:29.450437069 CEST | 192.168.2.3 | 8.8.8.8 | 0xd6c4 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:02:30.466548920 CEST | 192.168.2.3 | 8.8.8.8 | 0xd6c4 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:02:32.513552904 CEST | 192.168.2.3 | 8.8.8.8 | 0xd6c4 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:02:36.593013048 CEST | 192.168.2.3 | 8.8.8.8 | 0xd6c4 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001)
                                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                          Apr 10, 2022 12:01:14.954231977 CEST | 8.8.8.8 | 192.168.2.3 | 0xe419 | No error (0) | accounts.google.com |  | 142.250.185.77 | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:01:18.079900980 CEST | 8.8.8.8 | 192.168.2.3 | 0xa7fd | No error (0) | api.radar.cloudflare.com |  | 172.64.151.10 | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:01:18.079900980 CEST | 8.8.8.8 | 192.168.2.3 | 0xa7fd | No error (0) | api.radar.cloudflare.com |  | 104.18.36.246 | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:01:19.015218973 CEST | 8.8.8.8 | 192.168.2.3 | 0x64fa | No error (0) | clients2.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001)
                                          Apr 10, 2022 12:01:19.015218973 CEST | 8.8.8.8 | 192.168.2.3 | 0x64fa | No error (0) | clients.l.google.com |  | 142.250.186.46 | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:01:22.353442907 CEST | 8.8.8.8 | 192.168.2.3 | 0xb37c | No error (0) | www.cloudflare.com |  | 104.16.123.96 | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:01:22.353442907 CEST | 8.8.8.8 | 192.168.2.3 | 0xb37c | No error (0) | www.cloudflare.com |  | 104.16.124.96 | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:02:11.074040890 CEST | 8.8.8.8 | 192.168.2.3 | 0x6c61 | No error (0) | sparrow.cloudflare.com |  | 104.18.3.57 | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:02:11.074040890 CEST | 8.8.8.8 | 192.168.2.3 | 0x6c61 | No error (0) | sparrow.cloudflare.com |  | 104.18.2.57 | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:02:13.729248047 CEST | 8.8.8.8 | 192.168.2.3 | 0x67a2 | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com |  | CNAME (Canonical name) | IN (0x0001)
                                          Apr 10, 2022 12:02:13.729248047 CEST | 8.8.8.8 | 192.168.2.3 | 0x67a2 | No error (0) | googlehosted.l.googleusercontent.com |  | 142.250.74.193 | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:02:18.537638903 CEST | 8.8.8.8 | 192.168.2.3 | 0xf528 | No error (0) | accounts.google.com |  | 142.250.185.77 | A (IP address) | IN (0x0001)
                                          Apr 10, 2022 12:02:36.624443054 CEST | 8.8.8.8 | 192.168.2.3 | 0xd6c4 | No error (0) | clients2.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001)
                                          Apr 10, 2022 12:02:36.624443054 CEST | 8.8.8.8 | 192.168.2.3 | 0xd6c4 | No error (0) | clients.l.google.com |  | 142.250.186.46 | A (IP address) | IN (0x0001)
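The two DNS tables above list every query packet separately, so a transaction ID that recurs with the same name is a retransmission by the analysis host's stub resolver, and the distance from the first query to the first answer is the real resolution latency. The script below is an added example, not part of the Joe Sandbox report or its tooling: it recomputes those figures from rows copied out of the tables (CEST time-of-day, transaction ID, name) and lists lookups that were retried or never answered. In this trace every lookup was eventually answered, but the second lookup of clients2.google.com needed five attempts and about eight seconds.

```python
"""Added example, not part of the Joe Sandbox report: per-lookup retry
counts and latencies from the report's DNS query and answer rows."""
from collections import defaultdict

# Rows copied from the report's DNS tables: (CEST time-of-day, transaction ID, name).
# Repeated IDs are retransmissions of one lookup, not separate lookups.
QUERIES = [
    ("12:01:14.899271965", 0x64fa, "clients2.google.com"),
    ("12:01:14.903243065", 0xe419, "accounts.google.com"),
    ("12:01:15.924799919", 0x64fa, "clients2.google.com"),
    ("12:01:16.973804951", 0x64fa, "clients2.google.com"),
    ("12:01:18.051520109", 0xa7fd, "api.radar.cloudflare.com"),
    ("12:01:18.248226881", 0xb37c, "www.cloudflare.com"),
    ("12:01:18.985183954", 0x64fa, "clients2.google.com"),
    ("12:01:19.243798971", 0xb37c, "www.cloudflare.com"),
    ("12:01:20.272061110", 0xb37c, "www.cloudflare.com"),
    ("12:01:22.324213982", 0xb37c, "www.cloudflare.com"),
    ("12:02:08.989742041", 0x6c61, "sparrow.cloudflare.com"),
    ("12:02:10.000998974", 0x6c61, "sparrow.cloudflare.com"),
    ("12:02:11.032040119", 0x6c61, "sparrow.cloudflare.com"),
    ("12:02:13.698575020", 0x67a2, "clients2.googleusercontent.com"),
    ("12:02:18.505513906", 0xf528, "accounts.google.com"),
    ("12:02:28.463074923", 0xd6c4, "clients2.google.com"),
    ("12:02:29.450437069", 0xd6c4, "clients2.google.com"),
    ("12:02:30.466548920", 0xd6c4, "clients2.google.com"),
    ("12:02:32.513552904", 0xd6c4, "clients2.google.com"),
    ("12:02:36.593013048", 0xd6c4, "clients2.google.com"),
]
# One entry per reply packet: (CEST time-of-day, transaction ID). The report
# prints one row per record, so a CNAME+A reply is collapsed to its timestamp.
ANSWERS = [
    ("12:01:14.954231977", 0xe419),
    ("12:01:18.079900980", 0xa7fd),
    ("12:01:19.015218973", 0x64fa),
    ("12:01:22.353442907", 0xb37c),
    ("12:02:11.074040890", 0x6c61),
    ("12:02:13.729248047", 0x67a2),
    ("12:02:18.537638903", 0xf528),
    ("12:02:36.624443054", 0xd6c4),
]


def to_seconds(hms: str) -> float:
    """'12:01:14.899271965' -> seconds since midnight, keeping the ns digits."""
    h, m, s = hms.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def resolution_stats(queries, answers):
    """Per transaction ID: name, number of query packets sent, whether any
    reply arrived, and seconds from the first query to the first reply."""
    first_sent, attempts, names = {}, defaultdict(int), {}
    for ts, txid, name in queries:
        t = to_seconds(ts)
        attempts[txid] += 1
        first_sent[txid] = min(t, first_sent.get(txid, t))
        names[txid] = name
    answered_at = {}
    for ts, txid in answers:
        answered_at.setdefault(txid, to_seconds(ts))   # keep the earliest reply
    stats = {}
    for txid, n in attempts.items():
        ans = answered_at.get(txid)
        stats[txid] = {
            "name": names[txid],
            "attempts": n,
            "answered": ans is not None,
            "latency": None if ans is None else ans - first_sent[txid],
        }
    return stats


def retried(stats, min_attempts=2):
    """Lookups the resolver had to retransmit, slowest (or unanswered) first."""
    hits = [(t, s) for t, s in stats.items() if s["attempts"] >= min_attempts]
    return [t for t, _ in sorted(hits, key=lambda kv: -(kv[1]["latency"] or 1e9))]


def unanswered(stats):
    """Transaction IDs that never received a reply in the capture."""
    return sorted(t for t, s in stats.items() if not s["answered"])


if __name__ == "__main__":
    stats = resolution_stats(QUERIES, ANSWERS)
    for txid in retried(stats):
        s = stats[txid]
        print(f"0x{txid:04x} {s['name']:32} attempts={s['attempts']} "
              f"latency={s['latency']:.3f}s")
    print("unanswered:", [f"0x{t:04x}" for t in unanswered(stats)])
```

Run as a script it prints the four retried lookups in the trace (0xd6c4, 0x64fa, 0xb37c, 0x6c61) with their attempt counts and latencies; the same functions work on any sandbox DNS table once the rows are split into fields.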
                                          • api.radar.cloudflare.com
                                          • clients2.google.com
                                          • www.cloudflare.com
                                          • clients2.googleusercontent.com
                                          • accounts.google.com
                                          • 162.159.129.233
                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          0 | 192.168.2.3 | 49731 | 172.64.151.10 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | kBytes transferred | Direction | Data


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          1 | 192.168.2.3 | 49763 | 142.250.186.46 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | kBytes transferred | Direction | Data


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          2 | 192.168.2.3 | 49767 | 104.16.123.96 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | kBytes transferred | Direction | Data


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          3 | 192.168.2.3 | 49814 | 104.18.3.57 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | kBytes transferred | Direction | Data


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          4 | 192.168.2.3 | 49821 | 142.250.74.193 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | kBytes transferred | Direction | Data


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          5 | 192.168.2.3 | 49829 | 142.250.185.77 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | kBytes transferred | Direction | Data


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          6 | 192.168.2.3 | 49723 | 162.159.129.233 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 10, 2022 12:01:17.930602074 CEST | 36 | OUT | GET / HTTP/1.1
                                          Host: 162.159.129.233
                                          Connection: keep-alive
                                          Upgrade-Insecure-Requests: 1
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                          Accept-Encoding: gzip, deflate
                                          Accept-Language: en-US,en;q=0.9
                                          Apr 10, 2022 12:01:17.964179039 CEST | 37 | IN | HTTP/1.1 403 Forbidden
                                          Date: Sun, 10 Apr 2022 10:01:17 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          X-Frame-Options: SAMEORIGIN
                                          Referrer-Policy: same-origin
                                          Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                          Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                          Vary: Accept-Encoding
                                          Server: cloudflare
                                          CF-RAY: 6f9aa3ef29025c4a-FRA
                                          Content-Encoding: gzip
                                          Data Raw: 37 64 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c5 58 5b 6f 1b 37 16 7e d7 af 38 e1 02 5e 09 10 35 92 2c 5f 22 8d 54 74 1d 17 f1 6e da 18 8d 83 36 28 0a 83 33 3c 23 d1 e6 90 53 92 92 2c 64 fd df 17 1c ce c8 23 c9 f1 26 0f 41 f5 a0 e1 f5 f0 5c be 73 21 e3 57 6f de 5f dc 7c ba be 84 85 cb e5 ac 15 bf a2 f4 0f 91 81 74 70 75 09 67 7f ce 20 f6 13 90 4a 66 ed 94 28 4d ef 2c 08 3c 05 2d b9 40 02 92 a9 f9 94 a0 a2 1f 3f 90 19 c4 af fe 40 c5 45 f6 27 a5 4f a4 2a 3a 00 cf 93 3a fb 36 52 e7 2f 90 3a ff 06 52 73 57 51 f3 03 cf 49 79 48 85 d2 5d 4a 0b 64 7c d6 8a 9d 70 12 67 6f 84 c1 d4 c1 d5 35 b0 34 45 6b 41 69 07 4c 4a bd 46 0e ff 85 0b a9 97 3c 93 cc 60 1c 85 0d ad 38 47 c7 20 5d 30 63 d1 4d c9 c7 9b 9f e8 39 81 a8 9e 58 38 57 50 fc 6b 29 56 53 72 a1 95 43 e5 e8 cd a6 40 02 69 e8 4d 89 c3 07 17 79 c6 27 5b 32 2f 51 f9 9d 7e fc 91 5e e8 bc 60 4e 24 b2 49 e8 ea 72 7a c9 e7 d8 4d 17 46 e7 38 1d 34 08 28 96 e3 94 18 9d 68 67 1b 3b 94 16 8a e3 43 17 94 ce b4 97 f2 60 cb 4a e0 ba d0 c6 35 36 ad 05 77 8b 29 c7 95 48 91 96 9d ae 50 c2 09 26 a9 4d 99 dc 1e 2c 85 ba 07 83 72 4a ac db 48 b4 0b 44 47 40 f0 29 49 b3 db 30 44 53 6b 09 2c 0c 66 53 12 a5 5c d1 74 2e a2 30 15 e5 4c a8 5e 39 ef 36 05 56 6a 2a fb 39 72 c1 a6 c4 a6 06 51 75 0b a3 ef 30 75 42 ab f2 d8 56 2b b6 a9 11 85 6b 6e bb 63 2b 16 46 c9 ac d5 ce 96 aa 5c df ee 7c 16 59 9b eb 74 99 a3 72 3d c6 f9 e5 0a 95 7b 27 ac 43 85 e6 e8 68 2d 14 d7 eb de ef 3f bf 7b eb 5c f1 2b fe b5 44 eb 8e 8e fe fd e1 fd 2f e1 bf 67 9d 11 6a 2e b2 4d e7 f3 8a 19 c0 e9 96 36 0b 23 e9 74 4b 7f 8e ee 52 a2 6f fe 6b 73 c5 db 04 8d d1 86 66 88 3c 61 e9 3d b5 4b b3 c2 0d e9 74 f9 37 6c 29 41 4a 3a dd 64 aa 70 0d bb 8c 4e d8 f4 33 7a 81 c6 a4 de 01 a9 14 e9 3d 72 e2 b5 56 a0 71 02 ed f8 73 49 f5 42 73 1c 0f fa fd e3 ee 02 65 91 2d e5 98 75 57 68 ac d0 6a 3c 78 7c 9c 24 3d 5d a0 6a 93 eb f7 1f 6e 48 97 78 44 da 71 14 d9 82 19 a3 d7 bd 74 eb 19 bd 54 e7 11 2b 44 b4 1a 44 e5 f1 a4 33 49 7a 16 5d c5 d6 5b 64 
1c 4d 7b d7 1b ba 84 15 85 14 29 f3 ba 8b ee ac 56 5f d8 f5 21 9c 47 3f e8 a5 49 91 fe 07 37 a4 4b d2 b3 b3 41 d6 c7 51 72 32 7a 3d 1a 25 98 64 a3 e1 e9 80 8f 46 09 3f 7b cd 06 48 3a 93 96 27 a6 78 7b d7 6a 6d d6 e9 4c d2 5e 19 30 bc d9 3d 06 da 5b 6d d1 85 e0 1c 3d 27 bc b1 c4 60 ae 57 f8 cc aa c7 c9 17 a1 d4 26 6f de ff 5c 09 fc 4e 33 ee 2d d0 40 a1 07 0a fb 5a ab 93 4e f7 05 50 6d b9 4a 96 ce 69 45 37 68 5f 86 d4 fe 06 a5 49 67 42 b6 e2 12 a1 80 1d 1d b5 d9 d7 68 a0 9b 3e 23 79 09 b9 1d 71 b1 fd aa df 79 ec 74 f9 d7 ae 1e 74 1e 3b 9d c7 ce e3 63 a7 dd 99 b4 e2 28 b8 f2 ec c9 d5 39 66 68 c0 9a 74 ba 05 26 2b 44 cf 30 ce cc 3e 34 13 64 a9 56 bd 3b 4b 66 4f 94 e2 a8 4a 03 89 e6 9b 59 0b 20 e6 62 55 c5 2a ba 36 ac 28 d0 10
                                          Data Ascii: 7d7X[o7~8^5,_"Ttn6(3<#S,d#&A\s!Wo_|tpug Jf(M,<-@?@E'O*::6R/:RsWQIyH]Jd|pgo54EkAiLJF<`8G ]0cM9X8WPk)VSrC@iMy'[2/Q~^`N$IrzMF84(hg;C`J56w)HP&M,rJHDG@)I0DSk,fS\t.0L^96Vj*9rQu0uBV+knc+F\|Ytr={'Ch-?{\+D/gj.M6#tKRoksf<a=Kt7l)AJ:dpN3z=rVqsIBse-uWhj<x|$=]jnHxDqtT+DD3Iz][dM{)V_!G?I7KAQr2z=%dF?{H:'x{jmL^0=[m='`W&o\N3-@ZNPmJiE7h_IgBh>#yqytt;c(9fht&+D0>4dV;KfOJY bU*6(
                                          Apr 10, 2022 12:01:17.964194059 CEST | 39 | IN | Data Raw: 3f 5e cd 54 29 26 cd 28 93 68 1c d4 0d 5a da ca 77 53 ad ef 05 56 fd 4a 41 81 60 98 28 97 13 e0 cc 31 ea 0c 53 56 32 87 3e 4f b1 44 e2 6d 58 64 c9 ec 5a 22 b3 08 61 18 aa e1 5e 1c 71 b1 6a b0 53 31 1a 80 c2 d1 31 21 7d 98 0f 4c 16 b4 5f b1 ee 13
                                          Data Ascii: ?^T)&(hZwSVJA`(1SV2>ODmXdZ"a^qjS11!}L_nGT@i(AGfK)!O^0|K<%BHCUBR|}?U6dKg$2.:y*@l5Af 7|;-(b<kis
                                          Apr 10, 2022 12:01:17.964205980 CEST | 39 | IN | Data Raw: 30 0d 0a 0d 0a
                                          Data Ascii: 0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          7 | 192.168.2.3 | 49722 | 162.159.129.233 | 80 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Apr 10, 2022 12:01:18.046508074 CEST | 39 | OUT | GET /cdn-cgi/styles/main.css HTTP/1.1
                                          Host: 162.159.129.233
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                          Accept: text/css,*/*;q=0.1
                                          Referer: http://162.159.129.233/
                                          Accept-Encoding: gzip, deflate
                                          Accept-Language: en-US,en;q=0.9
                                          Apr 10, 2022 12:01:18.071647882 CEST | 41 | IN | HTTP/1.1 200 OK
                                          Date: Sun, 10 Apr 2022 10:01:18 GMT
                                          Content-Type: text/css
                                          Transfer-Encoding: chunked
                                          Connection: keep-alive
                                          Last-Modified: Thu, 24 Mar 2022 11:29:15 GMT
                                          ETag: W/"623c560b-1d02"
                                          Server: cloudflare
                                          CF-RAY: 6f9aa3efdeff9049-FRA
                                          X-Frame-Options: DENY
                                          X-Content-Type-Options: nosniff
                                          Vary: Accept-Encoding
                                          Expires: Sun, 10 Apr 2022 12:01:18 GMT
                                          Cache-Control: max-age=7200
                                          Cache-Control: public
                                          Content-Encoding: gzip
                                          Data Raw: 37 64 66 0d 0a 1f 8b 08 00 00 00 00 00 00 03 e5 59 4b 8f e3 b8 11 be e7 57 18 db 18 a0 bd 10 35 7a d8 ea 6e e9 92 4d 90 20 7b c8 1e 32 08 90 00 7d a1 24 ca 66 4c 91 02 49 b7 ed 11 f4 df 03 be 64 4a 96 1b dd c1 26 40 b0 e3 d1 8c 58 5f 55 b1 58 7c 54 b1 14 56 8c 4a 88 29 e2 fd 09 d7 72 9f c7 51 f4 65 08 cb 1d 38 ed b1 44 3d 00 e5 0e b0 0e 56 58 5e f2 b8 28 61 75 d8 71 76 a4 35 a8 18 61 3c 7f 68 9a e6 96 ca 77 25 7c 4c b6 db c0 3d 6f 90 3f fa aa d6 6b dd 47 85 a8 44 bc f7 e4 3b 26 b0 c4 8c e6 5b 6b 06 65 80 a3 0e 41 e9 73 19 4a 3e 62 43 58 32 5e 23 0e 76 1c 5e 40 1a 45 ca 6e 43 f1 6c 37 04 6b 37 2a d5 6f 4a 34 66 a7 db c0 3d d6 ec 89 26 65 ba b6 02 d5 bd 45 38 ac f1 51 e4 61 b2 e5 a8 1d 6d 11 8c e0 91 45 c8 0b 41 b9 26 8d 0c 91 03 8d e7 23 07 4c c9 71 77 1e 25 a4 83 24 eb 7c b8 3a 72 c1 38 e8 18 d6 fe 34 cd dc 36 87 b0 24 ac 3a f4 35 16 1d 81 97 5c b7 86 10 53 82 29 02 53 cc 27 0e a1 84 25 41 23 a6 5b 43 b8 c7 75 8d e8 48 a5 8c a2 21 6c 08 83 12 10 d4 c8 5e bf e6 ea 75 08 2b 82 20 6f f0 39 87 8d b6 8b 51 89 a8 cc 7f f8 a1 98 28 2d 34 5f 5e 32 b9 1f c2 86 51 09 5a 46 59 af df 1a d8 62 72 c9 5b 46 61 c5 82 8a 1d 39 46 3c 50 b8 e8 60 85 2c 3f c1 bb bd 34 02 27 a4 de f3 34 8a 2c 46 19 6f 21 99 80 9b 11 14 a8 c5 25 23 f5 04 ce 14 bc 07 71 d2 ef ad 32 3d af 7b 90 44 8e 62 66 5a a2 b3 04 71 6a 84 05 fe 8e f2 38 55 f3 61 e8 5b 9f be 1d e9 59 e4 d1 b3 68 a4 27 67 e2 0b 84 5e 17 e9 0c 7a 7e 32 20 41 b0 c6 74 07 a4 1e be 9e 3a 6b 5f 1c 26 db 2b 6e 5d 30 65 f0 70 8e 08 3c a3 7a c6 90 f9 2a e2 d7 30 9d e1 e9 10 b6 17 f0 dc b7 90 ef 30 55 6b 32 4f 38 6a 0b db 2e 99 94 ac d5 a4 21 6c cf 00 1e 25 73 bc 6a 79 e4 8a e0 98 b9 d6 a9 28 43 d8 72 90 f4 13 ba f5 45 5b 5e 01 ab dd 21 12 a4 be 1d e1 d3 28 b1 99 49 c4 06 20 57 40 1b 13 3b 3d 99 af 27 be f6 9c cd f5 5c a1 e7 19 94 38 20 8e e6 88 13 22 1e a6 fb 4f ae ea e2 ed 4c 2a 75 c3 01 2d b9 da a1 c5 80 33 83 bd 21 de 10 76 02 76 7f ba 76 6e da 43 d8 81 a8 ef 60 ad 26 53 1d 35 dd 05 24 ae 
6d 5c a6 f4 14 8e 32 75 6f 77 06 9b 91 79 74 d7 c8 6c 26 c9 78 b0 53 2b c2 d7 9b 2c a8 4d 1c 6b 1c 4d 79 17 8d 70 ae 51 fc db 09 bf 75 cc 5c 60 f4 57 c7 41 d6 cf ac 74 ca e4 72 e7 43 08 4b c1 c8 51 a2 7e 8c 45 8e 32 84 6a a3 48 fc e6 61 8e a2 76 4a 23 41 fc fa 35 e9 b5 87 74 00 b3 16 81 4d 6f 4d 03 c6 4b 1c a9 9d dc 9b ff ec c1 a7 77 ba 8d 88 fa 1d 12 bc a3 b9 a1 58 b8 24 b0 3a 80 1a f2 43 0f 80 a6 5c e3 9b 0d 6c 9b 48 fd 0a 2f a2 65 9b c0 fc 35 e1 cc 17 53 c1 4c b7 75 e0 cc 74 e0 5c 56 fb f2 f2 e2 eb 8c b7 69 e0 9e 77 d4 72 54 03 c4 39 e3 77 f5 96 75 b2 49 b2 89 ea e7 97 20 cd 82 f4 f9 7d 7b 11 a2 40 1c ab 0a 09 71 df e8 b2 82 29 9a da bd 0d 92 28 09 b2 e4 8e 76 48 25 86 04 43 81 ea 1e 9c 50 79 c0 12 98 a3 b7 65
                                          Data Ascii: 7dfYKW5znM {2}$fLIdJ&@X_UX|TVJ)rQe8D=VX^(auqv5a<hw%|L=o?kGD;&[keAsJ>bCX2^#v^@EnCl7k7*oJ4f=&eE8QamEA&#Lqw%$|:r846$:5\S)S'%A#[CuH!l^u+ o9Q(-4_^2QZFYbr[Fa9F<P`,?4'4,Fo!%#q2={DbfZqj8Ua[Yh'g^z~2 At:k_&+n]0ep<z*00Uk2O8j.!l%sjy(CrE[^!(I W@;='\8 "OL*u-3!vvvnC`&S5$m\2uowytl&xS+,MkMypQu\`WAtrCKQ~E2jHavJ#A5tMoMKwX$:C\lH/e5SLut\ViwrT9wuI }{@q)(vH%CPye
                                          Apr 10, 2022 12:01:18.071664095 CEST | 42 | IN | Data Raw: 4c ee d5 ee f1 58 0a d0 b2 ef 80 89 f3 9c 47 f9 53 54 50 05 4c c9 8f b4 82 12 cd b7 64 61 ba 76 44 44 08 ee 04 16 85 4e bc 80 8e 6e 39 65 27 0e bb 21 3c a9 60 64 02 be 89 45 27 90 6c 22 4b c9 22 4b d2 8b cf d0 f4 ea d3 94 d4 c9 a5 61 aa ff 68 a0
                                          Data Ascii: LXGSTPLdavDDNn9e'!<`dE'l"K"Kah92$,qW8|~LH $gX%;5;m1%/^:_c~&.Bq`!WX}?3*oh?c%,"oH~AG1$/L7HE @ 'yG5
                                          Apr 10, 2022 12:01:18.071676016 CEST | 42 | IN | Data Raw: 30 0d 0a 0d 0a
                                          Data Ascii: 0
                                          Apr 10, 2022 12:01:47.236563921 CEST | 445 | OUT | GET /favicon.ico HTTP/1.1
                                          Host: 162.159.129.233
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                          Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
                                          Referer: http://162.159.129.233/
                                          Accept-Encoding: gzip, deflate
                                          Accept-Language: en-US,en;q=0.9
                                          Apr 10, 2022 12:01:47.654339075 CEST | 446 | OUT | GET /favicon.ico HTTP/1.1
                                          Host: 162.159.129.233
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                          Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
                                          Referer: http://162.159.129.233/
                                          Accept-Encoding: gzip, deflate
                                          Accept-Language: en-US,en;q=0.9
                                          Apr 10, 2022 12:01:47.974715948 CEST | 446 | OUT | GET /favicon.ico HTTP/1.1
                                          Host: 162.159.129.233
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                          Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
                                          Referer: http://162.159.129.233/
                                          Accept-Encoding: gzip, deflate
                                          Accept-Language: en-US,en;q=0.9
                                          Apr 10, 2022 12:01:48.753741980 CEST | 447 | OUT | GET /favicon.ico HTTP/1.1
                                          Host: 162.159.129.233
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                          Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8
                                          Referer: http://162.159.129.233/
                                          Accept-Encoding: gzip, deflate
                                          Accept-Language: en-US,en;q=0.9
                                          Apr 10, 2022 12:01:48.781266928 CEST | 448 | IN | HTTP/1.1 403 Forbidden
                                          Date: Sun, 10 Apr 2022 10:01:48 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          X-Frame-Options: SAMEORIGIN
                                          Referrer-Policy: same-origin
                                          Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                          Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                          Vary: Accept-Encoding
                                          Server: cloudflare
                                          CF-RAY: 6f9aa4afcbf59049-FRA
                                          Content-Encoding: gzip
                                          Data Raw: 37 64 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c5 58 5b 6f 1b 37 16 7e d7 af 38 e1 02 5e 09 10 35 92 22 5f 22 8d 54 74 1d 17 f1 6e da 18 b5 83 36 28 0a 83 33 3c 23 31 e6 90 53 92 92 2c 78 fd df 17 1c ce c8 23 c9 f1 26 0f 41 f5 a0 e1 f5 f0 5c be 73 21 e3 57 6f 3f 9c df 7c ba ba 80 85 cb e5 ac 15 bf a2 f4 0f 91 81 74 70 79 01 a7 7f ce 20 f6 13 90 4a 66 ed 94 28 4d 3f 5b 10 78 02 5a 72 81 04 24 53 f3 29 41 45 3f 5e 93 19 c4 af fe 40 c5 45 f6 27 a5 4f a4 2a 3a 00 cf 93 3a fd 36 52 67 2f 90 3a fb 06 52 73 57 51 f3 03 cf 49 79 48 85 d2 5d 4a 0b 64 7c d6 8a 9d 70 12 67 6f 85 c1 d4 c1 e5 15 b0 34 45 6b 41 69 07 4c 4a bd 46 0e ff 85 73 a9 97 3c 93 cc 60 1c 85 0d ad 38 47 c7 20 5d 30 63 d1 4d c9 c7 9b 9f e8 19 81 a8 9e 58 38 57 50 fc 6b 29 56 53 72 ae 95 43 e5 e8 cd a6 40 02 69 e8 4d 89 c3 7b 17 79 c6 27 5b 32 2f 51 f9 9d 7e fc 91 9e eb bc 60 4e 24 b2 49 e8 f2 62 7a c1 e7 d8 4d 17 46 e7 38 1d 34 08 28 96 e3 94 18 9d 68 67 1b 3b 94 16 8a e3 7d 17 94 ce b4 97 f2 60 cb 4a e0 ba d0 c6 35 36 ad 05 77 8b 29 c7 95 48 91 96 9d ae 50 c2 09 26 a9 4d 99 dc 1e 2c 85 ba 03 83 72 4a ac db 48 b4 0b 44 47 40 f0 29 49 b3 db 30 44 53 6b 09 2c 0c 66 53 12 a5 5c d1 74 2e a2 30 15 e5 4c a8 5e 39 ef 36 05 56 6a 2a fb 39 72 c1 a6 c4 a6 06 51 75 0b a3 3f 63 ea 84 56 e5 b1 ad 56 6c 53 23 0a d7 dc f6 99 ad 58 18 25 b3 56 3b 5b aa 72 7d bb f3 20 b2 36 d7 e9 32 47 e5 7a 8c f3 8b 15 2a f7 5e 58 87 0a cd d1 d1 5a 28 ae d7 bd df 7f 7e ff ce b9 e2 57 fc 6b 89 d6 1d 1d fd fb fa c3 2f e1 bf 67 9d 11 6a 2e b2 4d e7 61 c5 0c e0 74 4b 9b 85 91 74 ba a5 3f 47 77 21 d1 37 ff b5 b9 e4 6d 82 c6 68 43 33 44 9e b0 f4 8e da a5 59 e1 86 74 ba fc 1b b6 94 20 25 9d 6e 32 55 b8 86 5d 46 27 6c fa 80 5e a0 31 a9 77 40 2a 45 7a 87 9c 78 ad 15 68 9c 40 3b 7e 28 a9 9e 6b 8e e3 41 bf ff ba bb 40 59 64 4b 39 66 dd 15 1a 2b b4 1a 0f 1e 1f 27 49 4f 17 a8 da e4 ea c3 f5 0d e9 12 8f 48 3b 8e 22 5b 30 63 f4 ba 97 6e 3d a3 97 ea 3c 62 85 88 56 83 a8 3c 9e 74 26 49 cf a2 ab d8 7a 87 8c 
a3 69 ef 7a 43 97 b0 a2 90 22 65 5e 77 d1 67 ab d5 17 76 5d 87 f3 e8 b5 5e 9a 14 e9 7f 70 43 ba 24 3d 3d 1d 64 7d 1c 25 c7 a3 37 a3 51 82 49 36 1a 9e 0c f8 68 94 f0 d3 37 6c 80 a4 33 69 79 62 8a b7 77 ad d6 66 9d ce 24 ed 95 01 c3 9b dd 63 a0 bd d5 16 5d 08 ce d1 73 c2 1b 4b 0c e6 7a 85 cf ac 7a 9c 7c 11 4a 6d f2 f6 c3 cf 95 c0 ef 35 e3 de 02 0d 14 7a a0 b0 af b5 3a e9 74 5f 00 d5 96 ab 64 e9 9c 56 74 83 f6 65 48 ed 6f 50 9a 74 26 64 2b 2e 11 0a d8 d1 51 9b 7d 8d 06 ba e9 33 92 97 90 db 11 17 db af fa 9d c7 4e 97 7f ed ea 41 e7 b1 d3 79 ec 3c 3e 76 da 9d 49 2b 8e 82 2b cf 9e 5c 9d 63 86 06 ac 49 a7 5b 60 b2 42 f4 0c e3 cc ec 43 33 41 96 6a d5 fb 6c c9 ec 89 52 1c 55 69 20 d1 7c 33 6b 01 c4 5c ac aa 58 45 d7 86 15 05 1a e2
                                          Data Ascii: 7d7X[o7~8^5"_"Ttn6(3<#1S,x#&A\s!Wo?|tpy Jf(M?[xZr$S)AE?^@E'O*::6Rg/:RsWQIyH]Jd|pgo4EkAiLJFs<`8G ]0cMX8WPk)VSrC@iM{y'[2/Q~`N$IbzMF84(hg;}`J56w)HP&M,rJHDG@)I0DSk,fS\t.0L^96Vj*9rQu?cVVlS#X%V;[r} 62Gz*^XZ(~Wk/gj.MatKt?Gw!7mhC3DYt %n2U]F'l^1w@*Ezxh@;~(kA@YdK9f+'IOH;"[0cn=<bV<t&IzizC"e^wgv]^pC$==d}%7QI6h7l3iybwf$c]sKzz|Jm5z:t_dVteHoPt&d+.Q}3NAy<>vI++\cI[`BC3AjlRUi |3k\XE
                                          Apr 10, 2022 12:01:48.781281948 CEST | 449 | IN | Data Raw: c7 ab 99 2a c5 a4 19 65 12 8d 83 ba 41 4b 5b f9 6e aa f5 9d c0 aa 5f 29 28 10 0c 13 e5 72 02 9c 39 46 9d 61 ca 4a e6 d0 e7 29 96 48 bc 0d 8b 2c 99 5d 49 64 16 21 0c 43 35 dc 8b 23 2e 56 0d 76 2a 46 03 50 38 3a 26 a4 0f f3 81 c9 82 f6 2b d6 7d c2
                                          Data Ascii: *eAK[n_)(r9FaJ)H,]Id!C5#.Vv*FP8:&+}-)[:>p3X]l)%S>fo5UPH;j:<CrT{5hC5zM>HM3&h1hvK/3lCZ kl
                                          Apr 10, 2022 12:01:48.781292915 CEST | 449 | IN | Data Raw: 30 0d 0a 0d 0a
                                          Data Ascii: 0
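Sessions 6 and 7 above each carry a chunked, gzip-compressed response body, and the "Data Raw" dumps show its framing directly: the first five bytes 37 64 37 0d 0a are the ASCII chunk size "7d7\r\n" (0x7d7 = 2007 bytes), the next three bytes 1f 8b 08 are the gzip magic, and the stream ends with the zero-length chunk 30 0d 0a 0d 0a. The dumps printed on this page are cut off before the end of the first chunk, so the full 403 page cannot be recovered from what is shown, but a complete capture decodes with exactly the steps below. The Python is an added example, not part of the Joe Sandbox report or its tooling: it parses the hex dump, undoes chunked transfer encoding, gunzips the result, and, for a truncated dump like this one, inflates whatever prefix exists instead of failing. Only REPORT_PREFIX is taken from the report; the "403 page" it round-trips is a constructed stand-in.

```python
"""Added example, not part of the Joe Sandbox report: rebuild the HTTP
response bodies that sessions 6 and 7 show only as hex dumps."""
import gzip
import zlib


def hex_dump_to_bytes(dump: str) -> bytes:
    """Join one or more 'Data Raw: 37 64 37 0d 0a ...' lines into bytes."""
    tokens = dump.replace("Data Raw:", " ").split()
    return bytes(int(t, 16) for t in tokens if len(t) == 2)


def first_chunk_size(raw: bytes) -> int:
    """Size of the first chunk: hex digits up to CRLF, extensions after ';' dropped."""
    size_line = raw.split(b"\r\n", 1)[0]
    return int(size_line.split(b";", 1)[0], 16)


def dechunk(raw: bytes) -> bytes:
    """Undo Transfer-Encoding: chunked. Raises ValueError when the capture
    stops before the zero-length last chunk, as the dumps on this page do."""
    out, pos = bytearray(), 0
    while True:
        eol = raw.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated: no chunk-size line at offset %d" % pos)
        size = int(raw[pos:eol].split(b";", 1)[0], 16)
        pos = eol + 2
        if size == 0:
            return bytes(out)              # last-chunk reached; trailers ignored
        chunk = raw[pos:pos + size]
        if len(chunk) < size or raw[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("truncated inside chunk at offset %d" % pos)
        out += chunk
        pos += size + 2


def decode_body(raw: bytes) -> bytes:
    """Complete capture: dechunk, then undo Content-Encoding: gzip."""
    return gzip.decompress(dechunk(raw))


def partial_gunzip(raw: bytes) -> bytes:
    """Best effort for a cut-off dump: inflate whatever bytes of the first
    chunk exist. zlib returns the prefix of the page it can recover."""
    size_line, _, rest = raw.partition(b"\r\n")
    size = int(size_line.split(b";", 1)[0], 16)
    inflater = zlib.decompressobj(16 + zlib.MAX_WBITS)   # +16: expect a gzip header
    return inflater.decompress(rest[:size])


def build_chunked_gzip(payload: bytes, chunk_size: int = 1024) -> bytes:
    """Constructed fixture: the wire form a server emits with
    Transfer-Encoding: chunked and Content-Encoding: gzip."""
    gz = gzip.compress(payload)
    chunks = [gz[i:i + chunk_size] for i in range(0, len(gz), chunk_size)]
    return b"".join(b"%x\r\n%s\r\n" % (len(c), c) for c in chunks) + b"0\r\n\r\n"


# Copied from the report (session 6, first response): "7d7\r\n" = a first chunk
# of 0x7d7 = 2007 bytes, followed by the gzip magic 1f 8b 08.
REPORT_PREFIX = "Data Raw: 37 64 37 0d 0a 1f 8b 08 00 00 00 00 00 00 03 c5 58 5b 6f 1b 37"

# Constructed stand-in for the 403 page; the report's dump is truncated, so the
# real body cannot be recovered from what is printed.
SAMPLE_HTML = b"".join(
    b"<p>constructed row %d, tag %08x</p>\n" % (i, (i * 2654435761) & 0xFFFFFFFF)
    for i in range(150)
)

if __name__ == "__main__":
    raw = hex_dump_to_bytes(REPORT_PREFIX)
    print("first chunk %d bytes, gzip magic %s" % (first_chunk_size(raw), raw[5:8].hex()))
    wire = build_chunked_gzip(SAMPLE_HTML, chunk_size=700)
    print("full decode ok:", decode_body(wire) == SAMPLE_HTML)
    cut = wire[: len(wire) * 3 // 4]                  # mimic the page's truncation
    print("partial decode of truncated dump:", partial_gunzip(cut)[:40])
```

To apply this to a real report, paste every "Data Raw:" line of one response into hex_dump_to_bytes in order and call decode_body; if the sandbox only printed the head of the body, decode_body raises ValueError and partial_gunzip gives you the readable start of the page, which for a Cloudflare 403 is usually enough to see which error page was served.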


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          0 | 192.168.2.3 | 49731 | 172.64.151.10 | 443 | C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          2022-04-10 10:01:19 UTC | 0 | OUT | GET /beacon.js HTTP/1.1
                                          Host: api.radar.cloudflare.com
                                          Connection: keep-alive
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                          Accept: */*
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: script
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                          1  192.168.2.3  49763  142.250.186.46  443  C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp  kBytes transferred  Direction  Data
                                          2022-04-10 10:01:51 UTC  0  OUT  GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
                                          Host: clients2.google.com
                                          Connection: keep-alive
                                          X-Goog-Update-Interactivity: fg
                                          X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfm
                                          X-Goog-Update-Updater: chromecrx-85.0.4183.121
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          2022-04-10 10:01:51 UTC  1  IN  HTTP/1.1 200 OK
                                          Content-Security-Policy: script-src 'report-sample' 'nonce-DZbbtQFlakLiTOB6dcuK9w' 'unsafe-inline' 'strict-dynamic' https: http:;object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/clientupdate-aus/1
                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                          Pragma: no-cache
                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                          Date: Sun, 10 Apr 2022 10:01:51 GMT
                                          Content-Type: text/xml; charset=UTF-8
                                          X-Daynum: 5578
                                          X-Daystart: 10911
                                          X-Content-Type-Options: nosniff
                                          X-Frame-Options: SAMEORIGIN
                                          X-XSS-Protection: 1; mode=block
                                          Server: GSE
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                          Accept-Ranges: none
                                          Vary: Accept-Encoding
                                          Connection: close
                                          Transfer-Encoding: chunked
                                          2022-04-10 10:01:51 UTC  2  IN  Data Raw: 35 31 65 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 3c 67 75 70 64 61 74 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f 75 70 64 61 74 65 32 2f 72 65 73 70 6f 6e 73 65 22 20 70 72 6f 74 6f 63 6f 6c 3d 22 32 2e 30 22 20 73 65 72 76 65 72 3d 22 70 72 6f 64 22 3e 3c 64 61 79 73 74 61 72 74 20 65 6c 61 70 73 65 64 5f 64 61 79 73 3d 22 35 35 37 38 22 20 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 3d 22 31 30 39 31 31 22 2f 3e 3c 61 70 70 20 61 70 70 69 64 3d 22 6e 6d 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 22 20 63 6f 68 6f 72 74 3d 22 31 3a 3a 22 20 63 6f 68 6f 72 74 6e 61 6d 65 3d 22 22
                                          Data Ascii: 51e<?xml version="1.0" encoding="UTF-8"?><gupdate xmlns="http://www.google.com/update2/response" protocol="2.0" server="prod"><daystart elapsed_days="5578" elapsed_seconds="10911"/><app appid="nmmhkkegccagdldgiimedpiccmgmieda" cohort="1::" cohortname=""
                                          2022-04-10 10:01:51 UTC  2  IN  Data Raw: 6d 68 6b 6b 65 67 63 63 61 67 64 6c 64 67 69 69 6d 65 64 70 69 63 63 6d 67 6d 69 65 64 61 2e 63 72 78 22 20 66 70 3d 22 31 2e 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 68 61 73 68 5f 73 68 61 32 35 36 3d 22 38 31 65 33 61 34 64 34 33 61 37 33 36 39 39 65 31 62 37 37 38 31 37 32 33 66 35 36 62 38 37 31 37 31 37 35 63 35 33 36 36 38 35 63 35 34 35 30 31 32 32 62 33 30 37 38 39 34 36 34 61 64 38 32 22 20 70 72 6f 74 65 63 74 65 64 3d 22 30 22 20 73 69 7a 65 3d 22 32 34 38 35 33 31 22 20 73 74 61 74 75 73 3d 22 6f 6b 22 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 2e 30 2e 36 22 2f 3e 3c 2f 61 70 70 3e 3c 61 70
                                          Data Ascii: mhkkegccagdldgiimedpiccmgmieda.crx" fp="1.81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" hash_sha256="81e3a4d43a73699e1b7781723f56b8717175c536685c5450122b30789464ad82" protected="0" size="248531" status="ok" version="1.0.0.6"/></app><ap
                                          2022-04-10 10:01:51 UTC  3  IN  Data Raw: 30 0d 0a 0d 0a
                                          Data Ascii: 0


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                          2  192.168.2.3  49767  104.16.123.96  443  C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp  kBytes transferred  Direction  Data
                                          2022-04-10 10:01:52 UTC  3  OUT  GET /5xx-error-landing HTTP/1.1
                                          Host: www.cloudflare.com
                                          Connection: keep-alive
                                          Upgrade-Insecure-Requests: 1
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: navigate
                                          Sec-Fetch-Dest: document
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                          3  192.168.2.3  49814  104.18.3.57  443  C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp  kBytes transferred  Direction  Data
                                          2022-04-10 10:02:12 UTC  3  OUT  OPTIONS /api/v1/event HTTP/1.1
                                          Host: sparrow.cloudflare.com
                                          Connection: keep-alive
                                          Accept: */*
                                          Access-Control-Request-Method: POST
                                          Access-Control-Request-Headers: content-type,sparrow-source-key
                                          Origin: http://162.159.129.233
                                          Sec-Fetch-Mode: cors
                                          Sec-Fetch-Site: cross-site
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          2022-04-10 10:02:13 UTC  4  IN  HTTP/1.1 200 OK
                                          Date: Sun, 10 Apr 2022 10:02:13 GMT
                                          Content-Type: text/plain;charset=UTF-8
                                          Content-Length: 8
                                          Connection: close
                                          Access-Control-Allow-Origin: http://162.159.129.233
                                          Vary: Origin
                                          access-control-allow-headers: Content-Type, Sparrow-Client-ID, Sparrow-Source-Key, Origin
                                          access-control-allow-methods: POST, OPTIONS
                                          access-control-max-age: 600
                                          Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                          Server: cloudflare
                                          CF-RAY: 6f9aa547ed5a5b9e-FRA
                                          2022-04-10 10:02:13 UTC  4  IN  Data Raw: 53 75 63 63 65 73 73 2e
                                          Data Ascii: Success.


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                          4  192.168.2.3  49821  142.250.74.193  443  C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp  kBytes transferred  Direction  Data
                                          2022-04-10 10:02:14 UTC  4  OUT  GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1
                                          Host: clients2.googleusercontent.com
                                          Connection: keep-alive
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9


                                          Session ID  Source IP  Source Port  Destination IP  Destination Port  Process
                                          5  192.168.2.3  49829  142.250.185.77  443  C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Timestamp  kBytes transferred  Direction  Data
                                          2022-04-10 10:02:19 UTC  5  OUT  POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1
                                          Host: accounts.google.com
                                          Connection: keep-alive
                                          Content-Length: 1
                                          Origin: https://www.google.com
                                          Content-Type: application/x-www-form-urlencoded
                                          Sec-Fetch-Site: none
                                          Sec-Fetch-Mode: no-cors
                                          Sec-Fetch-Dest: empty
                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
                                          Accept-Encoding: gzip, deflate, br
                                          Accept-Language: en-US,en;q=0.9
                                          2022-04-10 10:02:19 UTC  5  OUT  Data Raw: 20
                                          Data Ascii:
                                          2022-04-10 10:02:21 UTC  5  IN  HTTP/1.1 200 OK
                                          Content-Type: application/json; charset=utf-8
                                          Access-Control-Allow-Origin: https://www.google.com
                                          Access-Control-Allow-Credentials: true
                                          X-Content-Type-Options: nosniff
                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                          Pragma: no-cache
                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                          Date: Sun, 10 Apr 2022 10:02:21 GMT
                                          Strict-Transport-Security: max-age=31536000; includeSubDomains
                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-platform=*, ch-ua-platform-version=*
                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/IdentityListAccountsHttp/cspreport
                                          Content-Security-Policy: script-src 'report-sample' 'nonce-P1hOHoCK7vUdinHkRP99hA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/IdentityListAccountsHttp/cspreport;worker-src 'self'
                                          Content-Security-Policy: script-src 'nonce-P1hOHoCK7vUdinHkRP99hA' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/IdentityListAccountsHttp/cspreport
                                          Cross-Origin-Opener-Policy: same-origin; report-to="IdentityListAccountsHttp"
                                          Report-To: {"group":"IdentityListAccountsHttp","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external"}]}
                                          Server: ESF
                                          X-XSS-Protection: 0
                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
                                          Accept-Ranges: none
                                          Vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site,Accept-Encoding
                                          Connection: close
                                          Transfer-Encoding: chunked
                                          2022-04-10 10:02:21 UTC  7  IN  Data Raw: 31 31 0d 0a 5b 22 67 61 69 61 2e 6c 2e 61 2e 72 22 2c 5b 5d 5d 0d 0a
                                          Data Ascii: 11["gaia.l.a.r",[]]
                                          2022-04-10 10:02:21 UTC  7  IN  Data Raw: 30 0d 0a 0d 0a
                                          Data Ascii: 0


                                          Target ID:0
                                          Start time:12:01:11
                                          Start date:10/04/2022
                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://162.159.129.233
                                          Imagebase:0x7ff7f6290000
                                          File size:2150896 bytes
                                          MD5 hash:C139654B5C1438A95B321BB01AD63EF6
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low

                                          Target ID:1
                                          Start time:12:01:12
                                          Start date:10/04/2022
                                          Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                          Wow64 process (32bit):false
                                          Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,1155267026737125538,17040286387175416311,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1920 /prefetch:8
                                          Imagebase:0x7ff7f6290000
                                          File size:2150896 bytes
                                          MD5 hash:C139654B5C1438A95B321BB01AD63EF6
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low

                                          No disassembly