Automated Malware Analysis Management Report for reflective_practice_template_nhs[1].pdf

Overview

General Information

Sample Name:	reflective_practice_template_nhs[1].pdf
Analysis ID:	404286
MD5:	bd93c6b39cf6fbfb5f2009a320f70ab2
SHA1:	bc2b60452dbe4994d0d1d8ab2a769b278a5cd58d
SHA256:	834c0a2229054d27ad6ce7ff422a332cd18694bd828c4a4b3a4745b0086fe144
Infos:
Most interesting Screenshot:

Detection

Score:	22
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Machine Learning detection for sample

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

IP address seen in connection with other malware

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Classification

Signatures

AV Detection:

Machine Learning detection for sample

Source: reflective_practice_template_nhs[1].pdf

Joe Sandbox ML: detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Software Vulnerabilities:

Potential document exploit detected (performs DNS queries)

Source: global traffic

DNS query: name: traffking.ru

Potential document exploit detected (performs HTTP gets)

Source: global traffic

TCP traffic: 192.168.2.5:49720 -> 172.67.171.190:443

Potential document exploit detected (unknown TCP traffic)

Source: global traffic

TCP traffic: 192.168.2.5:49720 -> 172.67.171.190:443

Networking:

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 80.0.0.0 80.0.0.0

Source: unknown

DNS traffic detected: queries for: traffking.ru

Source: AcroRd32.exe, 00000002.00000002.410704532.0000000008B2D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: AcroRd32.exe, 00000002.00000002.410704532.0000000008B2D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertEVCodeSigningCA-SHA2.crt0
Source: AcroRd32.exe, 00000002.00000002.410704532.0000000008B2D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt0
Source: AcroRd32.exe, 00000002.00000002.410704532.0000000008B2D000.00000002.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AcroRd32.exe, 00000002.00000002.410868252.0000000009340000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/
Source: AcroRd32.exe, 00000002.00000002.410868252.0000000009340000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/(15)8
Source: AcroRd32.exe, 00000002.00000002.410704532.0000000008B2D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: AcroRd32.exe, 00000002.00000002.410704532.0000000008B2D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000002.00000002.410704532.0000000008B2D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/EVCodeSigningSHA2-g1.crl07
Source: AcroRd32.exe, 00000002.00000002.410704532.0000000008B2D000.00000002.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AcroRd32.exe, 00000002.00000002.410704532.0000000008B2D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AcroRd32.exe, 00000002.00000002.410704532.0000000008B2D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0
Source: AcroRd32.exe, 00000002.00000002.410704532.0000000008B2D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/EVCodeSigningSHA2-g1.crl0K
Source: AcroRd32.exe, 00000002.00000002.410704532.0000000008B2D000.00000002.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: AcroRd32.exe, 00000002.00000002.427413592.000000000D56B000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: AcroRd32.exe, 00000002.00000002.427413592.000000000D56B000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/Pk
Source: AcroRd32.exe, 00000002.00000002.427413592.000000000D56B000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: AcroRd32.exe, 00000002.00000002.427413592.000000000D56B000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/ik
Source: AcroRd32.exe, 00000002.00000002.427413592.000000000D56B000.00000004.00000001.sdmp	String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: AcroRd32.exe, 00000002.00000002.410704532.0000000008B2D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0C
Source: AcroRd32.exe, 00000002.00000002.410704532.0000000008B2D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0H
Source: AcroRd32.exe, 00000002.00000002.410704532.0000000008B2D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0I
Source: AcroRd32.exe, 00000002.00000002.410704532.0000000008B2D000.00000002.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0O
Source: AcroRd32.exe, 00000002.00000002.423732062.000000000B4B1000.00000004.00000001.sdmp	String found in binary or memory: http://scripts.sil.org/OFL
Source: AcroRd32.exe, 00000002.00000002.423732062.000000000B4B1000.00000004.00000001.sdmp	String found in binary or memory: http://scripts.sil.org/OFLhttp://scripts.sil.org/OFL
Source: AcroRd32.exe, 00000002.00000002.431313305.000000000E686000.00000004.00000001.sdmp	String found in binary or memory: http://www.adobe.
Source: AcroRd32.exe, 00000002.00000002.431160906.000000000E27C000.00000004.00000001.sdmp	String found in binary or memory: http://www.adobe.9
Source: AcroRd32.exe, 00000002.00000002.427413592.000000000D56B000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
Source: AcroRd32.exe, 00000002.00000002.427413592.000000000D56B000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#
Source: AcroRd32.exe, 00000002.00000002.427413592.000000000D56B000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#Id
Source: AcroRd32.exe, 00000002.00000002.431160906.000000000E27C000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: AcroRd32.exe, 00000002.00000002.431160906.000000000E27C000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/-
Source: AcroRd32.exe, 00000002.00000002.431160906.000000000E27C000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/c
Source: AcroRd32.exe, 00000002.00000002.427413592.000000000D56B000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#
Source: AcroRd32.exe, 00000002.00000002.427413592.000000000D56B000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
Source: AcroRd32.exe, 00000002.00000002.427413592.000000000D56B000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/type#
Source: AcroRd32.exe, 00000002.00000002.431160906.000000000E27C000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfe/ns/id/
Source: AcroRd32.exe, 00000002.00000002.423732062.000000000B4B1000.00000004.00000001.sdmp	String found in binary or memory: http://www.ascendercorp.com/
Source: AcroRd32.exe, 00000002.00000002.423732062.000000000B4B1000.00000004.00000001.sdmp	String found in binary or memory: http://www.ascendercorp.com/http://www.ascendercorp.com/http://www.ascendercorp.com/typedesigners.ht
Source: AcroRd32.exe, 00000002.00000002.423732062.000000000B4B1000.00000004.00000001.sdmp	String found in binary or memory: http://www.ascendercorp.com/typedesigners.html
Source: AcroRd32.exe, 00000002.00000002.410704532.0000000008B2D000.00000002.00000001.sdmp	String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: AcroRd32.exe, 00000002.00000002.423999541.000000000B5DB000.00000004.00000001.sdmp	String found in binary or memory: http://www.fontbureau.comhttp://www.fontbureau.com/designersNegritaAgency
Source: AcroRd32.exe, 00000002.00000002.431160906.000000000E27C000.00000004.00000001.sdmp	String found in binary or memory: http://www.npes.org/pdfx/ns/id/
Source: AcroRd32.exe, 00000002.00000002.431160906.000000000E27C000.00000004.00000001.sdmp	String found in binary or memory: http://www.npes.org/pdfx/ns/id/R
Source: AcroRd32.exe, 00000002.00000002.431160906.000000000E27C000.00000004.00000001.sdmp	String found in binary or memory: http://www.npes.org/pdfx/ns/id/l
Source: AcroRd32.exe, 00000002.00000002.405944190.0000000007C70000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/default/1.0%http://www.osmf.org/mediatype/default
Source: AcroRd32.exe, 00000002.00000002.405944190.0000000007C70000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/drm/default
Source: AcroRd32.exe, 00000002.00000002.405944190.0000000007C70000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/elementId%http://www.osmf.org/temporal/embedded$http://www.osmf.org/temporal/dyn
Source: AcroRd32.exe, 00000002.00000002.405944190.0000000007C70000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/anchor
Source: AcroRd32.exe, 00000002.00000002.405944190.0000000007C70000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/layout/padding%http://www.osmf.org/layout/attributes
Source: AcroRd32.exe, 00000002.00000002.405944190.0000000007C70000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/region/target#http://www.osmf.org/layout/renderer#http://www.osmf.org/layout/abs
Source: AcroRd32.exe, 00000002.00000002.405944190.0000000007C70000.00000002.00000001.sdmp	String found in binary or memory: http://www.osmf.org/subclip/1.0
Source: AcroRd32.exe, 00000002.00000002.405944190.0000000007C70000.00000002.00000001.sdmp	String found in binary or memory: http://www.quicktime.com.Acrobat
Source: AcroRd32.exe, 00000002.00000002.431436814.000000000E777000.00000004.00000001.sdmp	String found in binary or memory: https://.OKCancelEdit
Source: AcroRd32.exe, 00000002.00000002.431313305.000000000E686000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/
Source: AcroRd32.exe, 00000002.00000002.431313305.000000000E686000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/$
Source: AcroRd32.exe, 00000002.00000002.423999541.000000000B5DB000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/
Source: AcroRd32.exe, 00000002.00000002.423999541.000000000B5DB000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/4
Source: AcroRd32.exe, 00000002.00000002.423999541.000000000B5DB000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/We9
Source: AcroRd32.exe, 00000002.00000002.423999541.000000000B5DB000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/i
Source: AcroRd32.exe, 00000002.00000002.423999541.000000000B5DB000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/ma
Source: AcroRd32.exe, 00000002.00000002.423999541.000000000B5DB000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/rlA
Source: AcroRd32.exe, 00000002.00000002.431313305.000000000E686000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/dfo
Source: 4a93eb66-30ba-4de3-8ea0-312ddb38039b.tmp.22.dr	String found in binary or memory: https://a.nel.cloudflare.com
Source: Reporting and NEL.22.dr	String found in binary or memory: https://a.nel.cloudflare.com/report?s=XgDtas6rxmQXi1NtYYQGGtjvlm1lLbMIYjkQIprM4iwF0ZZj3tp0ISGyKdYPkd
Source: 4a93eb66-30ba-4de3-8ea0-312ddb38039b.tmp.22.dr, manifest.json0.21.dr, 1704ca54-9349-4cf0-ac97-9bff9f5ae3ef.tmp.22.dr	String found in binary or memory: https://accounts.google.com
Source: AcroRd32.exe, 00000002.00000002.431160906.000000000E27C000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.com
Source: AcroRd32.exe, 00000002.00000002.431160906.000000000E27C000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.com7
Source: AcroRd32.exe, 00000002.00000002.431160906.000000000E27C000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.comRL
Source: 4a93eb66-30ba-4de3-8ea0-312ddb38039b.tmp.22.dr, manifest.json0.21.dr, 1704ca54-9349-4cf0-ac97-9bff9f5ae3ef.tmp.22.dr	String found in binary or memory: https://apis.google.com
Source: AcroRd32.exe, 00000002.00000002.424349766.000000000B7AE000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.sqhk.co/kapopajij/WiinigQ/protozoa_vs_bacteria_vs_virus_size.pdf
Source: reflective_practice_template_nhs[1].pdf	String found in binary or memory: https://cdn.sqhk.co/kapopajij/WiinigQ/protozoa_vs_bacteria_vs_virus_size.pdf)
Source: AcroRd32.exe, 00000002.00000002.424349766.000000000B7AE000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.sqhk.co/kapopajij/WiinigQ/protozoa_vs_bacteria_vs_virus_size.pdfg-
Source: AcroRd32.exe, 00000002.00000002.424349766.000000000B7AE000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.sqhk.co/kilatelazobe/jetdOgd/retro_fridge_with_water_dispenser.pdf
Source: reflective_practice_template_nhs[1].pdf	String found in binary or memory: https://cdn.sqhk.co/kilatelazobe/jetdOgd/retro_fridge_with_water_dispenser.pdf)
Source: AcroRd32.exe, 00000002.00000002.424349766.000000000B7AE000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.sqhk.co/ludibipimilu/DhcRxOb/movie_software_for_windows_10.pdf
Source: reflective_practice_template_nhs[1].pdf	String found in binary or memory: https://cdn.sqhk.co/ludibipimilu/DhcRxOb/movie_software_for_windows_10.pdf)
Source: AcroRd32.exe, 00000002.00000002.424349766.000000000B7AE000.00000004.00000001.sdmp	String found in binary or memory: https://cdn.sqhk.co/potexunajo/Qjajchj/hitman_2_silent_assassin_cheats.pdf
Source: reflective_practice_template_nhs[1].pdf	String found in binary or memory: https://cdn.sqhk.co/potexunajo/Qjajchj/hitman_2_silent_assassin_cheats.pdf)
Source: 4a93eb66-30ba-4de3-8ea0-312ddb38039b.tmp.22.dr, 1704ca54-9349-4cf0-ac97-9bff9f5ae3ef.tmp.22.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.21.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 4a93eb66-30ba-4de3-8ea0-312ddb38039b.tmp.22.dr, 1704ca54-9349-4cf0-ac97-9bff9f5ae3ef.tmp.22.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: manifest.json0.21.dr	String found in binary or memory: https://content.googleapis.com
Source: Reporting and NEL.22.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external
Source: ed8954d8-3f2b-4e1b-b29d-f26f5a04eaca.tmp.22.dr, 4a93eb66-30ba-4de3-8ea0-312ddb38039b.tmp.22.dr, 10b9cad4-7dff-4d1c-b1c2-32538d1f314b.tmp.22.dr, 1704ca54-9349-4cf0-ac97-9bff9f5ae3ef.tmp.22.dr	String found in binary or memory: https://dns.google
Source: manifest.json0.21.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 4a93eb66-30ba-4de3-8ea0-312ddb38039b.tmp.22.dr, 1704ca54-9349-4cf0-ac97-9bff9f5ae3ef.tmp.22.dr	String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.21.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: 4a93eb66-30ba-4de3-8ea0-312ddb38039b.tmp.22.dr, 1704ca54-9349-4cf0-ac97-9bff9f5ae3ef.tmp.22.dr	String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.21.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: AcroRd32.exe, 00000002.00000002.424349766.000000000B7AE000.00000004.00000001.sdmp	String found in binary or memory: https://genigudepa.weebly.com/uploads/1/3/1/0/131070712/kasodopizafazakoxuk.pdf
Source: reflective_practice_template_nhs[1].pdf	String found in binary or memory: https://genigudepa.weebly.com/uploads/1/3/1/0/131070712/kasodopizafazakoxuk.pdf)
Source: AcroRd32.exe, 00000002.00000002.424349766.000000000B7AE000.00000004.00000001.sdmp	String found in binary or memory: https://gofolepoxi.weebly.com/uploads/1/3/4/8/134882907/7674727.pdf
Source: reflective_practice_template_nhs[1].pdf	String found in binary or memory: https://gofolepoxi.weebly.com/uploads/1/3/4/8/134882907/7674727.pdf)
Source: manifest.json0.21.dr	String found in binary or memory: https://hangouts.google.com/
Source: AcroRd32.exe, 00000002.00000002.410868252.0000000009340000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.com
Source: AcroRd32.exe, 00000002.00000002.423954231.000000000B595000.00000004.00000001.sdmp	String found in binary or memory: https://najijufo.weebly.com/uploads/1/3/4/7/134714833/peguloxufera_kudulavigiwub.pdf
Source: reflective_practice_template_nhs[1].pdf	String found in binary or memory: https://najijufo.weebly.com/uploads/1/3/4/7/134714833/peguloxufera_kudulavigiwub.pdf)
Source: AcroRd32.exe, 00000002.00000002.424349766.000000000B7AE000.00000004.00000001.sdmp	String found in binary or memory: https://nalabusapigo.weebly.com/uploads/1/3/2/7/132740218/4175162.pdf
Source: reflective_practice_template_nhs[1].pdf	String found in binary or memory: https://nalabusapigo.weebly.com/uploads/1/3/2/7/132740218/4175162.pdf)
Source: AcroRd32.exe, 00000002.00000002.424349766.000000000B7AE000.00000004.00000001.sdmp	String found in binary or memory: https://nalabusapigo.weebly.com/uploads/1/3/2/7/132740218/4175162.pdfp-
Source: 4a93eb66-30ba-4de3-8ea0-312ddb38039b.tmp.22.dr, 1704ca54-9349-4cf0-ac97-9bff9f5ae3ef.tmp.22.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json.21.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: AcroRd32.exe, 00000002.00000002.411079859.0000000009425000.00000004.00000001.sdmp	String found in binary or memory: https://pumoguviponurin.weebly.com/uploads/1/3/4/7/134773216/miretigegurugi.pdf
Source: reflective_practice_template_nhs[1].pdf	String found in binary or memory: https://pumoguviponurin.weebly.com/uploads/1/3/4/7/134773216/miretigegurugi.pdf)
Source: 4a93eb66-30ba-4de3-8ea0-312ddb38039b.tmp.22.dr	String found in binary or memory: https://r7---sn-n02xgoxufvg3-2gbs.gvt1.com
Source: 4a93eb66-30ba-4de3-8ea0-312ddb38039b.tmp.22.dr	String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.21.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 4a93eb66-30ba-4de3-8ea0-312ddb38039b.tmp.22.dr, 1704ca54-9349-4cf0-ac97-9bff9f5ae3ef.tmp.22.dr	String found in binary or memory: https://ssl.gstatic.com
Source: messages.json56.21.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json56.21.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: AcroRd32.exe, 00000002.00000002.424349766.000000000B7AE000.00000004.00000001.sdmp	String found in binary or memory: https://tipefejiri.weebly.com/uploads/1/3/0/9/130969755/buwobu.pdf
Source: reflective_practice_template_nhs[1].pdf	String found in binary or memory: https://tipefejiri.weebly.com/uploads/1/3/0/9/130969755/buwobu.pdf)
Source: AcroRd32.exe, 00000002.00000002.431313305.000000000E686000.00000004.00000001.sdmp, 4a93eb66-30ba-4de3-8ea0-312ddb38039b.tmp.22.dr	String found in binary or memory: https://traffking.ru
Source: Current Session.21.dr	String found in binary or memory: https://traffking.ru/square?utm_term=reflective
Source: AcroRd32.exe, 00000002.00000002.423954231.000000000B595000.00000004.00000001.sdmp	String found in binary or memory: https://uploads.strikinglycdn.com/files/4371836f-f017-4f30-9831-11554ca34703/botunuxojok.pdf
Source: reflective_practice_template_nhs[1].pdf	String found in binary or memory: https://uploads.strikinglycdn.com/files/4371836f-f017-4f30-9831-11554ca34703/botunuxojok.pdf)
Source: AcroRd32.exe, 00000002.00000002.423954231.000000000B595000.00000004.00000001.sdmp	String found in binary or memory: https://uploads.strikinglycdn.com/files/4371836f-f017-4f30-9831-11554ca34703/botunuxojok.pdfN
Source: AcroRd32.exe, 00000002.00000002.424135864.000000000B685000.00000004.00000001.sdmp, reflective_practice_template_nhs[1].pdf	String found in binary or memory: https://uploads.strikinglycdn.com/files/8c547329-0d1e-4dfa-b95f-2dc323cb86d4/world_war_one_weapons_c
Source: AcroRd32.exe, 00000002.00000002.424349766.000000000B7AE000.00000004.00000001.sdmp	String found in binary or memory: https://wixotavu.weebly.com/uploads/1/3/4/7/134764887/2953325.pdf
Source: reflective_practice_template_nhs[1].pdf	String found in binary or memory: https://wixotavu.weebly.com/uploads/1/3/4/7/134764887/2953325.pdf)
Source: AcroRd32.exe, 00000002.00000002.424349766.000000000B7AE000.00000004.00000001.sdmp	String found in binary or memory: https://wixotavu.weebly.com/uploads/1/3/4/7/134764887/2953325.pdfb.
Source: AcroRd32.exe, 00000002.00000002.424349766.000000000B7AE000.00000004.00000001.sdmp	String found in binary or memory: https://wosufixojiniki.weebly.com/uploads/1/3/4/7/134720754/4081785.pdf
Source: reflective_practice_template_nhs[1].pdf	String found in binary or memory: https://wosufixojiniki.weebly.com/uploads/1/3/4/7/134720754/4081785.pdf)
Source: AcroRd32.exe, 00000002.00000002.410704532.0000000008B2D000.00000002.00000001.sdmp	String found in binary or memory: https://www.digicert.com/CPS0
Source: 4a93eb66-30ba-4de3-8ea0-312ddb38039b.tmp.22.dr, manifest.json0.21.dr, 1704ca54-9349-4cf0-ac97-9bff9f5ae3ef.tmp.22.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.21.dr	String found in binary or memory: https://www.google.com/
Source: manifest.json0.21.dr	String found in binary or memory: https://www.google.com;
Source: 4a93eb66-30ba-4de3-8ea0-312ddb38039b.tmp.22.dr, 1704ca54-9349-4cf0-ac97-9bff9f5ae3ef.tmp.22.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.21.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.21.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.21.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.21.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.21.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.21.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.21.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.21.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.21.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.21.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.21.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.21.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.21.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 4a93eb66-30ba-4de3-8ea0-312ddb38039b.tmp.22.dr, 1704ca54-9349-4cf0-ac97-9bff9f5ae3ef.tmp.22.dr	String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.21.dr	String found in binary or memory: https://www.gstatic.com;
Source: AcroRd32.exe, 00000002.00000002.424349766.000000000B7AE000.00000004.00000001.sdmp	String found in binary or memory: https://zeginuvo.weebly.com/uploads/1/3/0/7/130775519/vapajukaba.pdf
Source: reflective_practice_template_nhs[1].pdf	String found in binary or memory: https://zeginuvo.weebly.com/uploads/1/3/0/7/130775519/vapajukaba.pdf)
Source: AcroRd32.exe, 00000002.00000002.424349766.000000000B7AE000.00000004.00000001.sdmp	String found in binary or memory: https://zopugazuf.weebly.com/uploads/1/3/4/6/134658021/6123242.pdf
Source: reflective_practice_template_nhs[1].pdf	String found in binary or memory: https://zopugazuf.weebly.com/uploads/1/3/4/6/134658021/6123242.pdf)
Source: AcroRd32.exe, 00000002.00000002.423954231.000000000B595000.00000004.00000001.sdmp	String found in binary or memory: https://zoxiniguve.weebly.com/uploads/1/3/4/5/134584112/lunopamug_wemezuvulezurob.pdf
Source: reflective_practice_template_nhs[1].pdf	String found in binary or memory: https://zoxiniguve.weebly.com/uploads/1/3/4/5/134584112/lunopamug_wemezuvulezurob.pdf)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443

Source: classification engine

Classification label: sus22.winPDF@50/263@4/7

Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://genigudepa.weebly.com/uploads/1/3/1/0/131070712/kasodopizafazakoxuk.pdf
Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://cdn.sqhk.co/kilatelazobe/jetdOgd/retro_fridge_with_water_dispenser.pdf
Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://cdn.sqhk.co/potexunajo/Qjajchj/hitman_2_silent_assassin_cheats.pdf
Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://traffking.ru/square?utm_term=reflective+practice+template+nhs
Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://pumoguviponurin.weebly.com/uploads/1/3/4/7/134773216/miretigegurugi.pdf
Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://tipefejiri.weebly.com/uploads/1/3/0/9/130969755/buwobu.pdf
Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://cdn.sqhk.co/kapopajij/WiinigQ/protozoa_vs_bacteria_vs_virus_size.pdf
Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://cdn.sqhk.co/ludibipimilu/DhcRxOb/movie_software_for_windows_10.pdf
Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://cdn.sqhk.co/ludibipimilu/dhcrxob/movie_software_for_windows_10.pdf
Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://uploads.strikinglycdn.com/files/8c547329-0d1e-4dfa-b95f-2dc323cb86d4/world_war_one_weapons_crossword_answers.pdf
Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://zopugazuf.weebly.com/uploads/1/3/4/6/134658021/6123242.pdf
Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://zoxiniguve.weebly.com/uploads/1/3/4/5/134584112/lunopamug_wemezuvulezurob.pdf
Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://cdn.sqhk.co/potexunajo/qjajchj/hitman_2_silent_assassin_cheats.pdf
Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://nalabusapigo.weebly.com/uploads/1/3/2/7/132740218/4175162.pdf
Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://wixotavu.weebly.com/uploads/1/3/4/7/134764887/2953325.pdf
Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://zeginuvo.weebly.com/uploads/1/3/0/7/130775519/vapajukaba.pdf
Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://wosufixojiniki.weebly.com/uploads/1/3/4/7/134720754/4081785.pdf
Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://gofolepoxi.weebly.com/uploads/1/3/4/8/134882907/7674727.pdf
Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://cdn.sqhk.co/kapopajij/wiinigq/protozoa_vs_bacteria_vs_virus_size.pdf
Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://cdn.sqhk.co/kilatelazobe/jetdogd/retro_fridge_with_water_dispenser.pdf
Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://uploads.strikinglycdn.com/files/4371836f-f017-4f30-9831-11554ca34703/botunuxojok.pdf
Source: reflective_practice_template_nhs[1].pdf	Initial sample: https://najijufo.weebly.com/uploads/1/3/4/7/134714833/peguloxufera_kudulavigiwub.pdf

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File read: C:\Program Files (x86)\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' 'C:\Users\user\Desktop\reflective_practice_template_nhs[1].pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\reflective_practice_template_nhs[1].pdf'
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1588,5207695692286208694,13668873235774985554,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=4477307787754487931 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4477307787754487931 --renderer-client-id=2 --mojo-platform-channel-handle=1716 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1588,5207695692286208694,13668873235774985554,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=5528301929327232026 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1588,5207695692286208694,13668873235774985554,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=9756364306558423637 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9756364306558423637 --renderer-client-id=4 --mojo-platform-channel-handle=1824 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1588,5207695692286208694,13668873235774985554,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=7523555841818072242 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7523555841818072242 --renderer-client-id=5 --mojo-platform-channel-handle=2224 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'https://traffking.ru/square?utm_term=reflective+practice+template+nhs'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,17001144406219017590,14380291932932443674,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1824 /prefetch:8
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe' --type=renderer /prefetch:1 'C:\Users\user\Desktop\reflective_practice_template_nhs[1].pdf'	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --backgroundcolor=16514043	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'https://traffking.ru/square?utm_term=reflective+practice+template+nhs'	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1588,5207695692286208694,13668873235774985554,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=4477307787754487931 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=4477307787754487931 --renderer-client-id=2 --mojo-platform-channel-handle=1716 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=gpu-process --field-trial-handle=1588,5207695692286208694,13668873235774985554,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --service-request-channel-token=5528301929327232026 --mojo-platform-channel-handle=1728 --allow-no-sandbox-job --ignored=' --type=renderer ' /prefetch:2	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1588,5207695692286208694,13668873235774985554,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=9756364306558423637 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9756364306558423637 --renderer-client-id=4 --mojo-platform-channel-handle=1824 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe 'C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe' --type=renderer --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --touch-events=enabled --field-trial-handle=1588,5207695692286208694,13668873235774985554,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=7523555841818072242 --lang=en-US --disable-pack-loading --log-file='C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log' --log-severity=disable --product-version='ReaderServices/19.12.20035 Chrome/80.0.0.0' --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7523555841818072242 --renderer-client-id=5 --mojo-platform-channel-handle=2224 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,17001144406219017590,14380291932932443674,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1824 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File opened: C:\Windows\SysWOW64\Msftedit.dll

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: reflective_practice_template_nhs[1].pdf	Initial sample: PDF keyword /JS count = 0
Source: reflective_practice_template_nhs[1].pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: reflective_practice_template_nhs[1].pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: reflective_practice_template_nhs[1].pdf

Initial sample: PDF keyword obj count = 59

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: AcroRd32.exe, 00000002.00000002.427413592.000000000D56B000.00000004.00000001.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Anti Debugging:

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

Code function: 2_2_05016003 LdrInitializeThunk,

2_2_05016003

Source: AcroRd32.exe, 00000002.00000002.405093312.0000000005940000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000002.00000002.405093312.0000000005940000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: AcroRd32.exe, 00000002.00000002.405093312.0000000005940000.00000002.00000001.sdmp	Binary or memory string: SProgram Managerl
Source: AcroRd32.exe, 00000002.00000002.405093312.0000000005940000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd,
Source: AcroRd32.exe, 00000002.00000002.405093312.0000000005940000.00000002.00000001.sdmp	Binary or memory string: Progmanlock

Domain

Country

Flag

ASN

ASN Name

Malicious

216.58.212.129

googlehosted.l.googleusercontent.com

United States

15169

GOOGLEUS

false

239.255.255.250

unknown

Reserved

unknown

false

172.67.171.190

traffking.ru

United States

13335

CLOUDFLARENETUS

false

35.190.80.1

a.nel.cloudflare.com

United States

15169

GOOGLEUS

false

80.0.0.0

unknown

United Kingdom

5089

NTLGB

false

192.168.2.1

127.0.0.1

Name

Active

a.nel.cloudflare.com

35.190.80.1

true

traffking.ru

172.67.171.190

true

googlehosted.l.googleusercontent.com

216.58.212.129

true

clients2.googleusercontent.com

unknown

Name	Type	MD5	SHA1	SHA256
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic	data	A78AD14E77147E7DE3647E61964C0335	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0	data	4BB57DBA51FC77C82FCAA963296A2396	6CA39C2DEF431B1E5167E1E43895DE23A0F6FF85	071952EBA7A768CE4F2E9FAFCB4C5C0DED17C7FAE8C2C7ADAADE4E354403F079
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0	data	F19CF255CA7BE8C9130BDC56F5CC2927	688798E6DA66F142D8CA23E9AB12B8C0B76F5794	2C26F2BBA8F8327530631C020F185D7E6F5D55A201477481CCFCF5CAD72A13A1
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0	data	47ECEC79E697ED8592C2508CC61D4824	33C11FFBE911E8D56C68D33E2914C9F03CB1BEE6	1B3801DB5672CD182D312916649F9129E8F4CCB097B6E29342C1E63223322EF5
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0	data	4817DAC702193AD4180A1DBC4270846A	5E8546137B2D7751DC60303FE990887541605BDD	B2251E73512616C10E7C495A8E7DDEE23F785AA02ED72BE7F224F5D72278AA9E
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0	data	9A80FF643736EE36A15163179676DCD7	03B0359DBB07BE9377A0C0E746C87C4B48749CB6	28285DFB4569A5F44DFA17C18443082D448D6C4CD9A64347DD9D9A1EBDF0957A
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0	data	67B892F78CF1F66E271DB89C206610D3	2214C8428C11133A8D5B4E1BE1355662E77AAECC	451D876F4843313A942EA48654887162F6E85314A19EDAC0190A79CEEEEB06DB
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0	data	5DA94A7AE9B2F5F802EC2BB89BD63305	C8E93945B49BC249649FBD59149776B8EDFC6A23	00A2715B5084D2736D88D46EA8B64022E94C01183721C07A2D7426042252E902
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0	data	3EB283963E429975B848489E69693261	D5EE59E144C5077E3B22F2A45EF1508C6BCBCD77	440FC29431DE7ABC3A114EC16095E68B325B177A97726DE4CADD31628BC22B2A
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0	data	9F51E3F1516A9FB719485B1E77A4B502	4FBAF633609F9035A2483C499237088289D27C23	4F820BFC61D21BF1D519EFB3D5DC12A6B91D10746B49352D5D933C2CBF0E1725
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0	data	ED913CC4DE8575D3D5E74715F9AC6761	390D6A8EAC87636CBB05721BCD122972E8756E78	251E81D53C6EE9275C0A87B1379C32DA5386E547C9A12B66819F3ADC722BA2AD
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0	data	E9BA46DD99D930BC74ED0B69DD7AF121	5E6CA5620D1DC9E9AA34E8FDCD5BE37F64406387	7C12DE1845459C1583C23D3A13AB18BFCD82157F6513B2518173F49C3015A18E
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0	data	043AAB6FCCC558E1E5C08CD95293B632	406ABE6507C37CAE04FF9CBF9710AD703FE2F0F8	F40323CF813B38B709E4576BEDDD5C5AF9A38750591FA2FC42901980221E08EC
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0	data	8048E3DA03DF92773353EE83CFDA4A39	9415540E85C31D974FA7B2E0765CB0754521DF5D	2BBD46E8010078A8EA81BFA4DFCC9F8C9ABAB3C94DDCE16913BA925699D4733D
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0	data	D0E0413C60FB54DC9C25EBE8E160D84C	B85498B6B6171DFD53286834E72D25B60D4B40D0	B9AA722E708EBE76E30EC48992289A5C93FADFA162113009E4BCDEF650BBC109
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0	data	EE4C70D1538F5090ED8D678D06DFCE9C	7169411C29F7A50071264E2E9A7935A1455B4247	51564E00EB97E6146A250DCAEB9DC1989AB97A03A99F6CD9E5A3963948E93C9A
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0	data	41346F9E107CEF1968F1BF3C534BCE43	EC97A08CD608EF8E36A06A0F7B1BA07565C7B66A	91C953FC2C80245CA97F86012AF2170E14F593D4BE72AD96DB08F81CDE6CAAF8
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0	data	CFBEABFADE6C70FFC9646E42834AA03E	14B4FABA2F9CE83EAE3C0017026489A71C0565CC	8CAD39321F795AD8C31CCF015F4D646682095F0A1B9D186BBCBFADEF161E0B89
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0	data	4C2F74FBB3FF5020AEF1AC722DF8641D	B072CAD2913BCBD9D5BEEB3D7BB4B11D4EAC70B2	5D10AD01A0944C87C2BAD937A288D00656C50AF509212FB481CE496898D3BBA5
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0	data	39970273A9D4707957C7BA4992E23FF2	A2BCD8CD07C7171EC77C36F68081D63AF0513536	C79C429536A20641441CF6913BDAF190AFB3131DCF6024EF599290EFD62B39C5
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0	data	18E07072BD0176CD2A329F0A170A2D2C	B8F038FEB8B3B6BD85DFD1AD816D942C70E7B028	F81F428C4FE9928990E207839750DDC3B6A631EECB15403408BDE2ECAA4654C7
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0	data	81DE37A2C1103324E837CC8D8867C99D	1029866630E466210D9AE16B8C6C315D962E72DC	3C50332090B76FAEBD15B20659D971BFB55CD266BD4BA7065FA6C23C25198B8D
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0	data	E3B831C5AE75A86D116AE62182DB0501	3F608F50B6EB5B0E7DD42E23FB553B749EA80426	39FA14E47616438FA94936ECEEDDE964F7B48168BB1707E115656A0D9C81A3B1
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0	data	1067C246B9D7E146F0E264E5E0A8E4B4	A8692A54BC900965FA6DA9D8FA5471A0A95E9A4A	94899653F47EC8ED4AEB15C1F3821AB8A8213CD56E0793DAFC35A2C6310A8448
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0	data	2B28EE963602BA0EC9092A3BD63EC366	FA1ECE3FE9AC8F0D4197C74DD1C6799F1B183060	491AE10A1364C60A56F28BC16FC3E719597CE0DB597B12197B293D05D88432BD
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0	data	199A995BBB3BE2BE1C10A19BB627FED1	2E466F21895118E8B17DC0E4EA0C7715B18531AD	84346F1B75D678922A6B40A44AA1F893D15456FB33CCDCD191EEF2501F913114
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0	data	4FE084007337D605202B42C4310B59BB	5C565424EFECCECDB7228B824AD185D25EFC1F55	A492B248CD410CCA01E8706FADEFC44B6A3555D67F5CBFFC9D1B25BBDD709D61
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0	data	367EF55EB6125193D11EAB81D2A00D52	F44C1A40A0007537FC69CB42BC932E2E7120766B	4C908662FEF061DB5371FE4E228FA803DE4ECB28BF0EF4202717E0F00C2A2B9F
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0	data	8EBDA043FB784A279F696FCA78CCFBCD	AE26F884D0183878D6CF9C99BD62EA2F47E5CA3D	975F96E7815CB7C13DBBD2EC2A1C9F0A4396F956EE08B29F6D062AD2747B3867
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0	data	91F02D0A763C31C8E69EFDBE31C3D79B	6BD8AB82092B1ED6E8369C55B6E502520C87BEBB	F2E07554750312FF4A03D0742B3BE310FBAAA648537269FCE9128410E7DB101D
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0	data	0122D8486A78A43A0F6FFA2A91C5D7DD	3539F6254F73187ABEF762C9C2E00333D45A7ECE	F671754C2D1954935B37612016A43EC7636CB42246EFA44C60E88B65F8A89FD8
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0	data	7AF35A9C668360E6E91E69734934774A	169F011E586437DA5803C6C78B5C88D689A4C5ED	A6545F24FA0488E9A012A009A600AD3E99A31DC022694F83C3498EA0E8769232
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0	data	F66B198E654C3913B41E6CB0B82C2FA2	836A0A7D9E15463A91CEA0B07DDCC48369BC9B97	3DC23BCA007CE7D09E78DF419609D841AE12960B4DDE9BB7180850896B1BD5F6
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0	data	CC7581EED2217FAF0973E227BFB0B3E2	604D77084E0561204951ABD906EF79F301090EB3	33F3EA8922C8C2E38B6A4DB23808FD603BC913C1170073F09314E36C75E4172E
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0	data	09DCAF21010167505921BFD9BE9706C1	A788DE4F203E62D5843604C23A110667C569AD68	55F5190C725642C94DE9AD1E9ED43DAB403ED25A14A713E22EF3F6C521999F13
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0	data	81A4584CFBE29DD2824281AA3981DBF8	FEF7AAB2A0B33E99F611209FF8D43564D901BF66	F49539516631BCDE41D06A3CE8330EBA55217754F0DA51FEFFBA9DA143DEDD24
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0	data	A8C3A23F01B78EEFDF38EE20BF8D2748	919B4D6D43AFB8187BC7855F0D76494ED1E2C76F	0A519AC0A158580E8C65ACC87BA1C4E0B1A5A973A0F915C4BBADB4F5924AE39D
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0	data	BC48DA4BCF0EFE5885D2B8C142B72E23	1C88A1413D37FE35C0A1EDF8184CA84DAFC943F7	B0E47E2B0541C4C240A3629276B8BF4F026C634A2CED2D817709EDD6B0EEEF84
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0	data	DA0676EFF7772A219800B3A9B6F2550B	005626E36AE3BC09D01006E2C69C1E87C709DEA0	B7D5BC92517C72BEEECC5F1F0862951B2049B7AD7FFAF1C97F214DF2F2C6A58B
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0	data	3D2CDAC997DB8719B93A37478AEBB43D	820F0EA451AAB0651C414ADB3AAFF36826A6FCF5	8925B1D4F35D91D7E71B280D1707D641E454C2D524913FB630F4092B700875D9
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index	data	C4E6F9B3C9FD5306AFA5DFB7E2F892D5	1844737CF1D833F45D499AA8FFB559391EE89E89	FD39D1ABCDF10053EFE20C54439BF389157C1E0A259015061D96600E3CCA204D
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG	ASCII text	7A28ACB59F70CF20953E0A4AA6CDD103	1B80619F477F2C33FC39DC66705856B58B431D5A	8B7D45694EBD5B707B5B96D743F9F8758A02EA9AC26824B476E1A9B5B96536FE
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links	data	28C3F901AA5AC270CCAB75AA191F3258	5D399FD68F093714478F4E722E6432F2F242EC89	7C8E9508FC031C0B9B0EF7AA2AC874A1C14DE506A9AA035917F03E6CA1D3480D
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-210505043724Z-239.bmp	PC bitmap, Windows 3.x format, 107 x -152 x 32	C2806B0C2398F311842C4FE04D6F5DC6	1FB409CAB558C07CCB9753AD8301E98012FEB9A7	7F4E880D8182CBCC060227B4E916411EE670BFDF9538552E8B82C17B2C92C348
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages	SQLite 3.x database, last written using SQLite version 3024000	3828B7C42E233B119D0853817DAA07D7	4F414C0F0257C137623BDAFBD3CB0B55C7FA0CF0	FD8979D317C5392CF5BA95E09B25528D7383F55E925D30827AE623CA178D8951
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal	data	37C6F0FFB4BC6BFEF158349C66FE2F02	BF9E09B3623B439B0A8F2484E321562B65DF0614	09CB1487A80CD0EAE68B0F68D864B5AA6538F892FB4AB260002F27C91BCC7F1C
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin	data	B49FE17CE6BBCD288BFE9E9E8CDF92D6	DBB11DE534670C182E0197D40CA763D2A9969FEA	00F27048CB927B07E2CE208A00131872C467B127860FAF61E08D1B26E5EF8280
C:\Users\user\AppData\Local\Google\Chrome\User Data\09e82636-9696-4c70-b4c9-0c4353bce75e.tmp	SysEx File -	9D9EE2D847A0307EF735D63C40FB9D46	214019E8B1E69BA7215D57653AB56BE06231536D	776F91663D6E6249B662647D60A1996A21CCFC68BDF3F12A9219F686CD0912D0
C:\Users\user\AppData\Local\Google\Chrome\User Data\0b0adde5-de30-44e9-bafb-8a74599a27a7.tmp	ASCII text, with very long lines, with no line terminators	2CA046A323FCC5AF5C58CA940291F1FE	C6C61E7C79EF474A68256C8B1572ACE2A89DFD51	2C5099FEAE1F7150B7A3B935140A5E4902F2D199E511DB4D49B151D75B4F8093
C:\Users\user\AppData\Local\Google\Chrome\User Data\173bf113-f70c-4cc0-858f-826f0b8bcd24.tmp	ASCII text, with very long lines, with no line terminators	C16A7107D1E5ACAA31D39EE76DB57DBA	FAADB117817F321FAB7DBAD4A829D1E93EBE4C7B	2DC30FDA58DF3AC5ECA5C8D4090CCF06B4B53D29BAA7B72B8DF0FC0FDA0394A0
C:\Users\user\AppData\Local\Google\Chrome\User Data\28f96999-f0e3-4f35-a80f-d61de713d891.tmp	data	ABA8C108ED3459E556FE087A4A4998B6	70917A83147F261CA831FBBB77EA02C444EBEC53	DF6B40775F62FCE5DC245DAB2586A4F32C72222B86DFF59AF6845B0009B430A9
C:\Users\user\AppData\Local\Google\Chrome\User Data\4a487a11-82d5-4769-825f-bb955ad785ed.tmp	ASCII text, with very long lines, with no line terminators	C4B33A3459D1B0EC724CFB2D8823E64E	019EC3E8504302E0951163059C80287024796CB6	1ABD51E59C2745B1FEA038B4ED55CD61D28A472E12AF6A4334286100C9ADE2FD
C:\Users\user\AppData\Local\Google\Chrome\User Data\6a3f39b5-eec4-4f67-9165-1d24ee68ef19.tmp	data	4BB4A1B85D00742D58934905D3FA11C1	A6355E3D9278B1855ABC50C4B24CFB7F8B36B4F9	E59FF1504F8CF195B712FB313A7441887A5A18723896A4C1D34551F0E022BA74
C:\Users\user\AppData\Local\Google\Chrome\User Data\8d69a971-6cf3-4978-87be-562abc79c264.tmp	ASCII text, with very long lines, with no line terminators	C16A7107D1E5ACAA31D39EE76DB57DBA	FAADB117817F321FAB7DBAD4A829D1E93EBE4C7B	2DC30FDA58DF3AC5ECA5C8D4090CCF06B4B53D29BAA7B72B8DF0FC0FDA0394A0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	data	569FA64ACAA310B1DE1A6250CC7356B0	14251450C245F8612958BF94779E8B72AE6D6213	AEE20ADEBF2D35EB8A39BE2DC391B0E5966EFCB4AFDC971BB3A18115C929F563
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1704ca54-9349-4cf0-ac97-9bff9f5ae3ef.tmp	ASCII text, with very long lines, with no line terminators	829D5654ADF098AD43036E24C47F2A94	506C8BA397509BA0357787950C538C1879047DF3	4D0B852D18FCA5C1A712904CF6DB3811FB905E86D8A7508A2D42F9C8D68E2211
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1984a2dc-ae2c-47d2-b86b-1bc5989b41e2.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	19F8614143649B9130190C32DD755010	ACEE0509D17EDFEB69BB6D1F472ED5673AC6FA2B	A5B03875366D128D55E39F11302E2F1305647B06D923F93F42295EE449A52F30
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\22bba30f-fe97-4eab-abbd-83dfa1a134ca.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	45992FEFE6248B62934324C01004E325	39BBCBBCE7AA1E1FD6874027F2CF978E21E6A69F	3014F3F90DCCC022A1C00CB8C1CE29ABD4108AD20E018CDD224F1817E471D18F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3fc9083a-031d-414a-8ca4-0b0c0ec65718.tmp	ASCII text, with very long lines, with no line terminators	E449FE2B83C569E0376ABDDAA623E168	4D8687538C0FE7AB409A734A5CA9B13F7D1E5594	63658D1563C432148CA8ADD044056C51304E06E7CD6FD6691C31D493834984B3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4a93eb66-30ba-4de3-8ea0-312ddb38039b.tmp	ASCII text, with very long lines, with no line terminators	194340CBBD0072F2ECDB85242F9DC73D	55A50767056E0DCB81D2C08143F32519248A1525	9C840B1F390A130DE1FE82170583EA0609701122357225880AF42542206AD16C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8ec71e31-c09d-44e3-9325-61cdb8256334.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG	ASCII text	CB6F794EBE68DEAAFF2C09B818A0583C	A9C356FD3410C44984979FB712765EE1536C1A22	1275286A72FF5474D3C5F1B1C0958771B3D60F4B6C666791786D6D08E83B2540
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG	ASCII text	C8C19CC51BAC370A1F7969CC7D2F680B	078B9E8C5AED7D32F0EB2F7D0942A40EA17BE3B3	ACA33F8B27FC3197DA9FA3013708AF9C15525EEF3C08C60AFEF65EF1D76DF24C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	SQLite 3.x database, last written using SQLite version 3032001	4D1388A02CCC5EC5DD3CAF5632A1ECAC	D1BB41B6D1A92CD76AECED42550604A1B058FB03	845440E197FE113A6E2248A01C4200708A915F4060F5580B3D080D977F122D5F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal	data	CB850731F58D110D3601BB0274D58807	8FF1CED0415560BFF1019B1E8392445B7D843A05	DA35BB58CEB999C56DCF986295FC624399C49602239E803AF1A0C6277FE5ED8D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session	data	65CAD1DE2494E106DE8625DCFFBE212B	2964CD0579B1A4EB52C9CB754FA9CED3949E3323	4411ACF800B988497CE0B0C29C25C304E7E28FE95ED3C75EFFF2AEEFDBA25CEF
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs	data	0686D6159557E1162D04C44240103333	053E9DB58E20A67D1E158E407094359BF61D0639	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log	data	7FA0F874EABF1EED31988230680AD210	E71B360F1E8D5C278A051AD03DFB9027ACCF38C3	09E15F8939364145E710C314EBD93FD19BF60C2B6B20BF8023315D617B6B141B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG	ASCII text	B19B5671F8D1A1E56F9C9649C4D119D3	F8C24F1E18D7616CD7CD26880DF1CFED4B165F7B	9A5926CBD53207DCA86B1B2B881C6DBF884E8054FB1E3F791BF1525BC228E02C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log	data	9D7435EA49A80FDD66E4915F513017F9	469F6C6E4B19B85CC1BE497812B2F20864F4FF2C	409D4C47E940688527D730B996E8991E010988C7671565467ED69D640D0947F3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG	ASCII text	D3B19CE65E9C83E417D9CEB1C2FC0A86	E0F56FAA6620997E38311F49492AC27E652A659C	769425B8BB9CA58CB67C270D1EDE34EA33175380BAAE301ED607809BC4DE81FA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json	ASCII text, with very long lines, with no line terminators	90F880064A42B29CCFF51FE5425BF1A3	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_1\_metadata\computed_hashes.json	ASCII text, with very long lines, with no line terminators	90F880064A42B29CCFF51FE5425BF1A3	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json	ASCII text, with very long lines, with no line terminators	6AE2135EA4583C2F06CDEBEA4AE70FA4	DCEB26C7F02D53B5F214305F4C75B4A33A79CDC2	03AA1944CB3C4F39E20B6361571BC45DFBEBD3FFDA3D8F148CC6ECB29958F903
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log	data	0407B455F23E3655661BA46A574CFCA4	855CB7CC8EAC30458B4207614D046CB09EE3A591	AB5C71347D95F319781DF230012713C7819AC0D69373E8C9A7302CAE3F9A04B7
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG	ASCII text	C1CFDE34205758F06E1FCAA2C3A7B30A	F9CA7B66E8A0CEB685AFB8D0B00086F8C8746AA7	9910CE66ED9993D0FA6E4B73DB125F368D2184C59FC62998D819331E7BC796A5
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG	ASCII text	89F9AF7B35C53B88B74390E43F092686	77F8E4DF22E096306E5CFEB4D9C90458F2D8CA9B	BC524A0D4D82F02604B175CCF219BC910AA13865DBF19673416630BB5BAF9F8D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG	ASCII text	8F2B9EB9AF84854CD7CECDDD040D9A3B	C1318480EC4BDCB25B4B26CB8AB1848369B7CE1D	3D2B9ADFF6B582EB798C31AB300C22BD9E503DDEA5F760D9CC5D815A593FD4F5
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal	data	C65A01A39B268F57BEF17B80CF55822B	4E428B83731C36AC848E71F02101191516218C1F	A43F614E3B7ADFAA80C764E77EBE543B8B05959F0DD8511E7085A2B3B77F2A88
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	data	5536E123249BFCEFA607D8D2E411C8BA	DC36B16A74449EDED022EE142A59E1D827E7B568	32791262754DEDC51A0F3C074F716A8882DF12B4B74A750EC8ECC3C4D8544A6A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG	ASCII text	5A3F81690615A9E49F5AA61EB8C200E4	13BB74FFB13D4A2F6AC526BF9DC392F6079FBF5E	AEB6F86DFA786C239B338F6BB44D35C799011596C958E3AFF55D3F5EAB4B98B9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG	ASCII text	B8BC015BD8D80BDDAC4B2E4C75F8A989	AB27AA5B14C4547F000C4C1F24D42A9FEFB57EB8	4F6B639D2EC10D4F7B4957EDF79E5E9AF777825558C6F5FE81C17385B933DD78
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL	SQLite 3.x database, last written using SQLite version 3032001	4BE4C838E4E4DE6D1E4C3E6F1EA4788D	B787A24CEF054EA1CBD1CA82A8B0309A74ADA085	496F9536D1031CDA040B01E02FEE32AA274B6F4D3CBCEE20D8F3DB27D8AEA34C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal	data	A98A2F8A8692A79315EB5AC11FC41DC3	3863DB43D33D81ED6161F8B16F8D6A0D100D4DA6	37A5831CA65BE3D33827B8B616AD24DAC2E61C0F81162B0747AB205F63143E09
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log	data	1B4FA89099996CE3C9E5A0A9768230E8	9026E1E0906E3B3FE0E414EE814CC5A042807A04	537818AAFD0902A8B2D58B483674391E33E762B5E1E8CD226D873098CCE9C8F9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG	ASCII text	2832A25FA38A5BB2C3C3251CB962D954	D607EEE7956D8FEB894ED3E557B48F0E56C5594C	8C61EB3CBD139BF02118B04FE76C000F76E2B521E1708201B2DFC5DC924F52BE
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG	ASCII text	89C13CB4CCFC1B679EEFFB316932CCCC	B582AC2AA0A97E758AC35F754A1C7D8224DCC2DF	BB8DB94FC0E50235F3AB3A00528CE09C5DA6BF0117F0A6B61AECA7D594652C52
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\10b9cad4-7dff-4d1c-b1c2-32538d1f314b.tmp	ASCII text, with very long lines, with no line terminators	0C03D530AC97788D62D27B2802C34D83	20F78B6B32D98FA52846C70DF78E4E5CEF663E2D	7941FADA9867DAAE08EBC196BAFC6952DD506842C3E7D8FB14DF9D4E402D894B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1	data	C4DF0FB10C4332150B2C336396CE1B66	780A76E101DE3DE2E68D23E64AB1A44D47A73207	18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG	ASCII text	760C4E1F5525DF28C40E22F8DDBF15E0	59047565B9B44E6A9445930BB63246BD53EDA87A	7099A63BD9004F4BF947AD05CB7D88B20493535BF6AD5E5F32E850359773094A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG	ASCII text	C5E0BF6160FA6ABDD167B4C6E680B022	DE91275EDBB565E92C8DEBEEDEB40A2E89BAF079	C764F55FA33454764B874B6BF675EB95C07DC745F5E9E5415524D3D7B8F76560
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log	data	E556F26DF3E95C19DBAECA8F5DF0C341	247A89F0557FC3666B5173833DB198B188F3AA2E	B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG	ASCII text	6E3AC55FA230FDF0C9F4F81A89E6E8F4	33E7A15833D85C4A945B52DD0DCE6F46753EFCF3	B896E5C3F0CB7AA8D801F9525D913E2E7F77B9D9F6B49184E16D6B2829BEA07C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1	data	B505641E5E90B7CF4BC869DD1B4BE451	0EC7B13DC043E054AB48B8F45FE49EF1209C01AA	2755F85F14CF33404CEEBF053D0CB79DC3B98D643A51075737E6A5BE154FE1D9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG	ASCII text	1CCCAEC205F9CEABD1647205DAF860C4	59A3DDF4AB0ABCD2C81794D44892C735CEF80C1F	C617D691F34972FD8F66B21F1E21FE36D55E2F67494126F100BE835EBA09666D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG	ASCII text	7246DC3F5C29A8A7B72970A938BE5E76	FC4A1934415535E1EEA05AAD4E19BD2536B58EA3	A5E256B846E7A5E38722E48A8B212C692EE8B9053A9CE07723CCC7DA23DB3846
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log	data	E9C694B34731BF91073CF432768A9C44	861F5A99AD9EF017106CA6826EFE42413CDA1A0E	01C766E2C0228436212045FA98D970A0AD1F1F73ABAA6A26E97C6639A4950D85
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG	ASCII text	9B543DA0E42C6BBF12B8BBE6034BAC74	70E3679F8CEC7E1E546A1CB5C3786B8BA6D5552E	EA19A9B963E80CA50843ECC6C7C0A99F1EFF36495760B6B0DC4FA3F85536BE8A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\ed8954d8-3f2b-4e1b-b29d-f26f5a04eaca.tmp	ASCII text, with very long lines, with no line terminators	5886A009EB58EE06A16EFD6D1BA9A046	A867B5052F3FBB811693DF8CE3FDAA794F2F2E40	9E3392126DE2D81D019E0AB3E17F20BADD0EC9FBD944BCB7C4DAF449D937D496
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log	data	45A8ECA4E5C4A6B1395080C1B728B6C9	8A97BB0E599775D9A10C0FC53C4EDB29AA4CEB4E	DB320AB28DFF27CDA0A7F87B82F2F8E61B3178A6DE8503753D76F1172D32E08E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG	ASCII text	1190E9CD8C76FCEC38F85E6B5EC31EB9	169DFB0D486D972953F47DFE56A09F9F12BC2BC6	07D45AF7A6516D21C6CFFDE1714A8BBBAC6A3A64122751F5EFE09821738A2351
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG	ASCII text	B22631AF87065105FE9D0D6273C57957	F3FC031F05736275B5839E14D41813E5F52808F1	7C4633B4028BFA29E0964F5CDD8348DA5F55BBCBAF6E69228ABF9F5C2BB1D8AF
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nmmhkkegccagdldgiimedpiccmgmieda\Chrome Web Store Payments.ico.md5	data	61B979ECA159ECAC9C7F8F1D6FD43E9D	0373696351FC2172E811DA8393DEC84036FA34A0	AB05E0A6FF7E8FFF89F924B279D93AFC72ACCE817C4D250C60BB8059CC534303
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nmmhkkegccagdldgiimedpiccmgmieda\b5a8ecfe-7314-4317-b824-5b7b7b4e9fc4.tmp	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel	33EABC19FDF40F3D36B6870EF5861957	CF3EF59C3940B58C314E9F6A1616751553F2D9A2	647D07F37554672865902B2CEE80864B5A5283C372C7263BB1497D5582054E57
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ca1cee88-2646-4171-b683-d27ad9a2c281.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	B9E94FFE0CE8DC46AA3C85763A55B3F1	8B4B186A02D0F1D3D2EA013AEA655E26EC91D77A	1BD157C48A82CC6BF3D549D3DC30D91B6F3A131EBD786FD9D56BE1890978F179
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp	ASCII text	6752A1D65B201C13B62EA44016EB221F	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG	ASCII text	393D5C587B24A16B9EC0FC9230B51D72	47E4C9DE216F7B24B216BD342E80C117F73F2A76	D5DCF073C3DDD2E9C9FD61031618E82FE8D23B4F0EA12C36B2344A4083CD3E2D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004	MPEG-4 LOAS	031D6D1E28FE41A9BDCBD8A21DA92DF1	38CEE81CB035A60A23D6E045E5D72116F2A58683	B51BC53F3C43A5B800A723623C4E56A836367D6E2787C57D71184DF5D24151DA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ed5d6151-0d60-484f-90d7-800486bfe018.tmp	ASCII text, with very long lines, with no line terminators	45C89F6483F11A11D31DD6876A2DA4E2	3C3C859C40B4085B255350D58370A5989329E64F	31C7EE26F1865E58D59BE6D7CD7056C0642679ACC8C9F0F3EDAA965F64C7D405
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f6521908-2c4e-411a-b23c-a3f6481e054e.tmp	ASCII text, with very long lines, with no line terminators	E378D877D4417405BED98D42C5DC1F1A	2A61103B0B004B4F4E45596E93B6E74127A511DA	2D55AB05B1847A6A75D1E4DE44A25E2F8DF9B51EF9CB7726ED579BAE2E33CE7C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\fa27fcb2-2537-4f8a-82f2-aecdcf05d6ed.tmp	ASCII text, with very long lines, with no line terminators	A309A74ED1BB8B6C7F2C9DE10B7B9019	E20AED1F7E0D853180612EE4E0223D77F2FDD56D	254FB267DF155D027116A428F3B437966A6E1CF56AA4FF3AD74CE0A0BFEBEF04
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\fa6d6a80-d129-4b65-9faf-0bbdec545827.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	32761058C8F9E7DB5F3410724855C720	DDEF4F6A501FDEFCA60A24E412B18A51D9EDB34C	A8D7A927AA137EE890797F26E83F6A203195D1B24CAA7A52258AE72164AA3F7A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG	ASCII text	E4B308B60CE071A13D9FE0706A0F95A9	7A1F22707B8A36E1AC6E9228FE7F8EADED5391C5	D25AC3FB0C8D7063FDEF9654CC5FBDA6857BEEE7E2B64F8DE27E6240D6E5E643
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser	data	DE9EF0C5BCC012A3A1131988DEE272D8	FA9CCBDC969AC9E1474FCE773234B28D50951CD8	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version	ASCII text, with no line terminators	C422F72BA41F662A919ED0B70E5C3289	AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632	02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
C:\Users\user\AppData\Local\Google\Chrome\User Data\a40ff550-3ee6-43bb-b91f-d73c23c5f402.tmp	ASCII text, with very long lines, with no line terminators	81DD776C6694ABA4B9EAA2AF54DBD210	A704E0C126A139CEA8F6533DED35486B11ED124A	249887E1B4EDD73E6DE42C9E6861C7C68558496190AE4A9751EF71623C792B9D
C:\Users\user\AppData\Local\Google\Chrome\User Data\f73a47cd-912c-4b81-a68d-6f838ad87f0a.tmp	ASCII text, with very long lines, with no line terminators	90152FED4C842CF980C2CF33AC15B791	342D8BE3468B096F243F0CB78943AECEC2076780	0DEABE5830C23D08779E44F75BAD5A21C1C26418B76AC0C47865895EC6AA038F
C:\Users\user\AppData\Local\Temp\0e2af63c-5c7c-441f-834a-07958c449341.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\31ee3490-1c20-4cae-a68c-fc3026a84dba.tmp	Google Chrome extension, version 3	A11D5CAF6BF849AEB84B0C95B1C3B7CF	27F410CCBD75852C01C7464A1FD7EF8C29BE3916	D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
C:\Users\user\AppData\Local\Temp\3c6fa991-d7a6-41ac-9001-cbc844aa6839.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\AppData\Local\Temp\5228_446992993\manifest.fingerprint	ASCII text, with no line terminators	C00BCE97F21B1AD61EB9B8CD001795EE	8E0392FF3DB267D847711C3F4E0D7468060E1535	59F06F04230E32E8BC839F45B984D31D611930427B631C963D09E7064A602363
C:\Users\user\AppData\Local\Temp\923f43e7-861f-4e92-ac5f-a968c660770a.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\ba28ffcc-4894-4f95-8d42-d92d2bdb72de.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\ff7891e6-ecda-46c9-8a54-2bf2450ba0fb.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\31ee3490-1c20-4cae-a68c-fc3026a84dba.tmp	Google Chrome extension, version 3	A11D5CAF6BF849AEB84B0C95B1C3B7CF	27F410CCBD75852C01C7464A1FD7EF8C29BE3916	D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\am\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	26330929DF0ED4E86F06C00C03F07CE3	478F3B7E7A7E007BEE182B89C2EF6FFE6045E92C	621B5139ED199022BB6529AF18ED4DC312AE9F3E90ECAF3B2C9E1D12114F5B22
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\ar\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	44325A88063573A4C77F6EF943B0FC3E	78908D766F3E7A0E4545E7BD823C8ED47C7164EB	67A439A08804EF4BEF261BDBADD8F0FEFD51729167D01EDCA99DD4AF57D6108B
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	6911CE87E8C47223F33BEF9488272E40	980398F076BB7D451B18D7FDE2DE09041B1F55AD	273DEF0F67F0FA080802B85EF6F334DE50A19408F46BDF41F0F099B1F5501EEA
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\bn\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	F9DDF525C07251282A3BFFCEE9A09ABB	A343A078E804AF400A8F3E1891E3390DA754A5CD	C69C6C90F7EB8F10685CD815AF1F6F1B87CF30C4E8D95DF1D577DE1105AAD227
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	A90CF7930E7C3BEC61EE252DEFAD574A	F630CA01114A7BDD39607CB84B8280CCE218A5C6	A533740E17559E2ADF40B4555C60F21EEC84E92C09CDBC19EED033A0B4DD2474
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\cs\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	17E753EE877FDED25886D5F7925CA652	8E4EC969777CC0CEB7C12D0C1B9D87EBBB9C4678	C562FCCFCE374D446BFAC30AC9B18FF17E7A3EF101C919FF857104917F300382
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\da\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	F08A313C78454109B629B37521959B33	3D585D52EC8B4399F66D4BE88CED10F4A034FCCC	23BF7E5EDF70291CA6D8F4A64788C5B86379EECB628E3DFA7DD83344612F7564
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\de\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	980FB419ED6ED94AD75686AFFB4E4C2E	871BFBCA6BCBA9197811883A93C50C0716562D57	585C7814AFD2453232BC940252D4AE821D6E6CBCFD74A793F78E5DB8BA5342F1
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\el\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	40EB778339005A24FF9DA775D56E02B7	B00561CC7020F7FE717B5F692884253C689A7C61	F56BF7C171AA20038EE30B754478B69A98F3014C89362779B0A8788C7B9BEEE1
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\en\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8351AF4EA9BDD9C09019BC85D25B0016	F6EC1FFD291C8632758E01C9EE837B1AD18D4DCF	F41C82D8A4F0E9B645656D630C882BE94A0FB7F8CEC0FE864B57298F0312B212
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\es\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8A70C18BB1090AA4D500DE9E8E4A00EF	8AFC097FA956C1317DB0835348B2DA19F0789669	FF173D1CEF665B1234E02F11070ABD2B65230318150734579A03C7F31B4AE3F4
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\et\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	A62F12BCBA6D2C579212CA2FF90F8266	F7E964A2D9BBDA364252BCE5CFBA3FD34FDD825E	3EB3EB0B3B4A8E5A477D1B3C3A3891CCC7DC6B8879ECE243A7BD7C478068273D
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\fa\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	852BD3CFF960F1BC3A2AAB3CB3874EF9	C9F6F3C776542889FE3B67971D65ACFE048A3A0A	D87597B6C10364501B98AA42524843F109009CCEF022D8E0170440D7F144F4C6
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\fi\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	3902581B6170D0CEA9B1ECF6CC82D669	C8208AC2B1DD6D4F8BDAAE01C8BD71FFFA5A732B	D2A8180225A83A423BB6E17343DFA8F636D517154944002ED9240411B8C0C5E1
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\fil\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	59483AD798347B291363327D446FA107	C069F29BB68FA7BA2631B0BF5BBF313346AC6736	DD47530EAE96346CD4DC3267A0BB1091BB17B704803A93CDA2E3E81551B94F12
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\fr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	9B416146FE4F1403C2AACAC4DCF1A5C3	616F055C9FAD4CE972DF82EC8A9B2F4EDA3E7FAD	7C7F5758F54008190ACCDDBD1761CBD980FB5FE0847E992874498228D2571DBC
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\gu\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	68B03519786F71A426BAC24DECA2DD52	B8E6608932EC5CEC4BC3C5475BFC3E312D2E2E7D	C77A4D27E9E6CA25B9290056D93A656E3EBE975957E4C2EE9F0FB11B133D5CD4
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\hi\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	20C86E04B1833EA7F21C07361061420A	617C0D70E162CF380005E9780B61F650B7A39F9B	C2C27CA242DBDE600BA3AA7782156BC2B190A64D8A1B51EDC8007BDECA139553
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\hr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	3ED90E66789927D80B42346BB431431E	2B061E3271DF4255B1FFC47BDB207CDEC0D9724F	0B41E3C42414F72C9A12C05F8772597F9685115366A774C66018467AD4B71A74
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\hu\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8E9FF7E49473C5734A2F6F0812E12EB3	A4F10DDD1580582533D5EB59EDF6D8048F887C81	6CDD2FB39ADECE00E88B989E464B05ED1414092D0492F6D0AE58D549BFD1A46A
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\id\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	7ADF9F2048944821F93879336EB61A78	C3DA74FB544684D5B250767BB0CB66FFB7C58963	3630947E1075E3663AD3E4824D0BE42CB47C0D615D8053E83B9595047C8BA9BE
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\it\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	BB3041A2B485B900F623E57459AE698A	502F5EA89F9FB0287E864B240EA39889D72053A4	025737EF8FA06706B3F26D0F52B4844244A6D33DAE1D82FEF2931A14C003D57E
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\ja\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	6F2CC1A6B258DF45F519BA24149FABDC	8A58C7880C6D22765DCBB6BCE22A192C1B109AE1	42ECFEE727CFC4F2845FEFDACE5EDC2E0A40AFAD69973A3B950CE653A7633342
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\kn\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	2E3239FC277287810BC88D93A6691B09	FC5D585DA00ADC90BF79109C7377BD55E6653569	5FC705AD19761204D8604EA069936A23731B055D51E7836CAAF16AC7719FBEEA
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\ko\messages.json	UTF-8 Unicode text, with CRLF line terminators	E303CD63AD00EB3154431DED78E871C4	3B1E5B8E2CF5EBDF5D33656EF80A46563F751783	FDE602BFDB1AFD282682DA5338C4F91D8A2F6CB5411DB8F62F4583D629CE67A6
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\lt\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	93BBBE82F024FBCB7FB18E203F253429	83F4D80F64FA2ADCE6C515C5F663BD38A76C51DB	E7A8570922CCC4F2CA3721C4E61F426158C4E7BC90274FBC8BE4040FF8B6CA9B
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\lv\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	388590CE5E144AE5467FD6585073BD11	61228673A400A98D5834389C06127589F19D3A30	05CA14196CA5D90B228C0F03684E03EBE403A3E7B513AE0A059244AE12B51164
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\ml\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	2AF93901DE80CA49DA869188BCDA9495	E60DF4F2FB12BD3F1CA869DAD9F6BDE0C17CEB11	329E80AEE1212F634E180DEF7E16D6E38D9C9FDA9AC9DB1D99B8AE1626EF304E
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\mr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	659F5B4ACA112D3ECBB6EC1613DDE824	5DEE35FCD260554999F8DDEC489FBA9F81FA8EEE	C8B765E7A07578BC078A952E151E3B866506959E15E79E9E5E1DBB98F9C4008F
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\ms\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	09D75141E0D80FBD3E9E92CE843DA986	B24EAB4B1242C31B69514D77BC1DB36A3F648F40	8F1DBDEFD910AD88BEEC7956619CDB34391D6E69254C3A7497E8F87134AE8B5C
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\nb\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	ED99169537909291BCC1ED1EA7BB63F0	5F72D51B6DBE8C622EF33D2B2AEBD7E9E20DAFB3	65B6598225ADA1E14EE9CB76CA863708E8F9EE0724B4EDC8F9508532BD631BAB
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\nl\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	E9236F0B36764D22EEC86B717602241E	DE82B804B18933907095DEF3F2EF164C1BB5F9B6	300F4F7C45EBE39EAAF40776C28D0A399A710699AAB58E9A8D43A6FD2DD00376
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\pl\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8254020C39A5F6C1716639CC530BB0D6	A97A70427581ADA902CA73C898825F7B4B4FAC8F	2F4E4FC6AEB4A8E7F0E0DCE220D66E763F4EBF1FA79985834D636C6692FEA3E8
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\pt\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	FABD5D64267F0E6D7BE6983AB8704F8C	D4DAAD0FF5C461C51E6C1FD22B86AFC5B13E123F	D82DCA262FF005668B252B478DEDAAC4A5C1E417AF9DE57C22F169A6680183AE
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\ro\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	75E16A8FB75A9A168CFF86388F190C99	C27CE4C1DB3DF2D232925C73DC9AC1FA24DAD396	9C4716FF42A730F1E7725F0D9E703F311E79FDA31F85B4BB0B8863FC3C27AB9D
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\ru\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8EF94823972EA8D2FC9BB7EC09AB1846	4171DC9CE9D82FDA5A280517A1FE58C907D75CE3	1009DB9FFA64E411B31E0780EBA43B9C9F8B05B5AC8CCA9A38514650261ABB0A
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\sk\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	C314FAC15AFF6A2EE9C732C64AB5A66D	D51F3362B5FDD2F3756DE42D7D6227DC818C6344	8EE2A25A09D6D0F89063FAA34BA2BC4DB505DD31FE6D5064C5D6E1E153721484
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\sl\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	F60AB4E9A79FD6F32909AFAC226446B3	07C9E383D4488BEBE316CA86966FC728F55A2E32	CDE581E6E7CF0136B003B45549E3BBEE7B67B74ADD786A8D5607BFDAD1DE7B87
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\sr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	4E233461D805CA7E54B0B394FFF42CAB	77F30833FC73A4C02C652C9E5A6EAFE9C3988A30	E1E1C64213EBF2CFEB7BA83E51B697CEA449B3A8B279B1024B859228DE869879
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\sv\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	897DAE6B0CF0FDE42648F0B47CB26E06	E1F5F5F65AF34FF9484AB2B01E571EAF19BA23D0	52656C24F6F6D0F3B3FC01E9504C4D5CEB85624F1B22E974CA675DD0E94EB82D
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\sw\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	EC233129047C1202D87DC140F7BA266D	537E4C887428081365D028F32C53E3C92F29AAA6	28EDBC5C4858217811D45CAA215710E452C8926E4DE99F810001AD664D08BE0D
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\ta\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	C50C5D2EDFC79DBDCBD5A58A027A3231	14314D760A18C39F06CD072CF5843832AFB86689	EEB0E89D5AD92B80FF08F88533A111DB3416D7C3860C64227D1CC8B7C2B58298
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\te\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	F740F25488BE253FCF5355D5A7022CEE	203A8DF19BA5A602A43DE18E99A6615D950C450E	5B9C96CB5D62510836B321EB9CEEF23865BB9D4DC4DE7716E90A858E00701FDF
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\th\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	9F926FCB8BAEA23453B99EA162CCDEA1	04D1E45591C0435A39DCA00A81E83E68585E8B64	100463C587F549C964A4EB21EA38EA1B4ADEF11E927FAC8FF884623B77202C02
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\tr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	B0420F071E7C6C2DE11715A0BF026C63	F41CC696786B18805DB8DC9E1E476146C0D6BE90	309F946F753DF6AF5C255D772EA0D429462152F78ABA4A96A2E369707A2C6B67
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\uk\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	FF06E78C06E8DFF4A422EA24F0AB3760	A434D1CE22DE0D2FD1842E94F5815F7B1972D1EE	E209FDEF12CCEC03B4E0D5B9464F90D527E62C5BC4DD565C680661D7F282AB02
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\vi\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	C3A40E8433D96D7E766C011D9EC7502B	EAB7BFAE48B1D29B95A8AE040DE94D3500824EE3	BD3D0F8CF100C96415B224011F550082D4516593CBD3631347748B7D6AD5B85A
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\zh\messages.json	UTF-8 Unicode text, with CRLF line terminators	D4513639FFC58664556B4607BF8A3F19	65629BC4CBBACA498F4082DD5884C8D3D7DDDC8A	C6D49997A9B4FF7FE701EC3644B1A523679A27778FB4BD39B7DBCA9F1ACCE595
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\_locales\zh_TW\messages.json	UTF-8 Unicode text, with CRLF line terminators	494CE2ACB21A426E051C146E600E7564	D045ECC2A69C963D5D34A148FE4A7939DE6A1322	A1053F9496ED7FA3C625C94347F07A5E760F514FD8EE142EC9EE64E86B9C063D
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1755141670\CRX_INSTALL\manifest.json	ASCII text, with very long lines, with CRLF line terminators	F76238944C3D189174DD74989CF1C0C6	85CE141EC8867B699668A5F5A48F404C84FCEB04	2EF48A1CF322DE356E8844DD2FD3431E8E7ACD04770649B6507EACA5ABDB53A7
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with CRLF line terminators	6F8E288A9AD5B1ED8633B430E2B4D4CA	F671D3D4BEFA431D1946D706F4192D44E29B6F08	A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with CRLF line terminators	1FDAFC926391BD580B655FBAF46ED260	C95743C3F43B2B099FEBEBC5BD850F0C20E820AC	C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\cs\messages.json	UTF-8 Unicode text, with CRLF line terminators	76DEC64ED1556180B452A13C83171883	CFB1E56FD587BCDC459C1D9A683B71F9849058F9	32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\da\messages.json	UTF-8 Unicode text, with CRLF line terminators	238B97A36E411E42FF37CEFAF2927ED1	4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0	4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\de\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B3E916E8C1991AA0453CBA00FEDCAAA	D6366D15912E40CA107FD42BFE9579C3336A51F9	A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\el\messages.json	UTF-8 Unicode text, with CRLF line terminators	05C437A322C1148B5F78B2F341339147	AB53003A678E44A170E73711FBD9949833BBF3AA	A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\en\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\en_GB\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\es\messages.json	UTF-8 Unicode text, with CRLF line terminators	82719BD3999AD66193A9B0BB525F97CD	41194D511F1ACC16C1CA828AC81C18C8C6B47287	4DB9B2721E625C18B9E05C04B31AF5D9694712F1CAAF6219ABE34BB08E5DB1C7
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\es_419\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B2583D8D1C147E36A69A88009CBEBC7	4D4DEEB4BE6AA0181825F3371A761ABC5B4D5937	6659BC3705311D7641A73995DCFEA80C7734F2F4EBBC3787B3892A240348324F
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\et\messages.json	UTF-8 Unicode text, with CRLF line terminators	CFF6CB76EC724B17C1BC920726CB35A7	14ED068251D65A840F00C05409D705259D329FFC	C85800BF45942FCC7FD6B1DF929C25F9CC2A977A6678966BD03D4B6B69889AFD
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\fi\messages.json	UTF-8 Unicode text, with CRLF line terminators	3A01FEE829445C482D1721FF63153D16	F3EAAADDC03F943FC88B30B67F534AA13E3336DD	0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\fil\messages.json	ASCII text, with CRLF line terminators	57AF5B654270A945BDA8053A83353A06	EEEF7A4F869F97CF471A05D345E74F982D15E167	EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\fr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8D11C90F44A6585B57B933AB38D1FFF8	3F9D44EA8807069A32AACA2AAAD02FD892E6CC90	599491F8C52B945C16C441ADF45BFD45AFAE046DA07757D97C56AF4DE75ED3B5
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\hi\messages.json	UTF-8 Unicode text, with CRLF line terminators	E376D757C8FD66AC70A7D2D49760B94E	1525C5B1312D409604F097768503298EC440CC4D	8106D98C4F8DA16DB698444409558E29CC96735E188BFA303C333A5D99231C1D
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\hr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8185D0490C86363602A137F9A261CC50	5BD933B874441CEACB9201CCC941FF67BAED6DC0	A2B2EC359A9DD9DCCCE02859CE1E738BD30FAA4A05F1DC522893FFDF722BBC15
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\hu\messages.json	UTF-8 Unicode text, with CRLF line terminators	85609CF8623582A8376C206556ED2131	1E16EB70DB5E59BB684866FF3E3925C2DEF25A12	32A249749F12ADB6A220BF9ADC272C7E5D9AD5497A38B0086D961E3ABA17FBC6
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\id\messages.json	ASCII text, with CRLF line terminators	EAB2B946D1232AB98137E760954003AA	60BDC2937905B311D2C9844DF2D639D7AC9F7F67	C6E8800450602DE0F39FE9F6854472383813FB454B08ABAE7E25A9167CE004C3
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\it\messages.json	UTF-8 Unicode text, with CRLF line terminators	A328EEF5E841E0C72D3CD7366899C5C8	2851ED658385804E87911643F5A4200B1FB26E13	CD891C45F7586FB4A2514205A11F260E4A6D4482FA03D901909DD9F57BE0536D
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\ja\messages.json	UTF-8 Unicode text, with CRLF line terminators	9B3A5D473C3F2BBFAEECE94A07A940B8	61BACA342CF766BBA15C7B4D892A0E7DAC9405AA	706312A4A2AEF3317223F141EB2B82685345B7EED444F16BB4DF3A272716DA1F
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\ko\messages.json	UTF-8 Unicode text, with CRLF line terminators	9F6B4D82A70C74CA751E2EAE70FAB5CF	0534F125FFCE8222277CF2BE3401C59DAF9217F8	D1467B8D037114403E8F4EFC52E88C4A7FEB96126BE4CFF883FEFF1084EF7E68
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\lt\messages.json	UTF-8 Unicode text, with CRLF line terminators	4CA644F875606986A9898D04BDAE3EA5	722A10569E93975129D67FBDB75B537D9D622AD1	7C311AB751D840D750C11553C083785813E079C1D464FE568A98C9E3EF3DB96C
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\lv\messages.json	UTF-8 Unicode text, with CRLF line terminators	C5CE2C51391EAFD3DA9E4C71549A3C28	1F67FF6EF6E90C0CE3AAF56ED543A3EFD381574D	1FA1DF2CA8516DEF490FB8484E9AA498ACFF80EEF5C9258FFE42D3678E6C7DED
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\nb\messages.json	UTF-8 Unicode text, with CRLF line terminators	93C459A23BC6953FF744C35920CD2AF9	162F884972103A08ADB616A7EB3598431A2924C5	2CD700AEB57D89C2E73333D0702556EE3FF3863516170F85669BC680FCBDC4E0
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\nl\messages.json	ASCII text, with CRLF line terminators	7A8F9D0249C680F64DEC7650A432BD57	53477198AEE389F6580921B4876719B400A23CA1	92BE7C2DC9CFBE5A65E9CE6488D364C8D7EC19E7B67A31E4D43C1CB2B169671C
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\pl\messages.json	UTF-8 Unicode text, with CRLF line terminators	0E6194126AFCCD1E3098D276A7400175	E8127B905A640B1C46362FA6E1127BE172F4A40F	E2699F98C511B18A2AFB82EAE9A4804B646C4FF1077D80E77C17A3943A6373C2
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\pt_BR\messages.json	UTF-8 Unicode text, with CRLF line terminators	86A2B91FA18B867209024C522ED665D5	63DEC245637818C76655E01FCB6D59784BC7184E	6374880FDD1F8AF1EE8AEA6A06B73BE0AB265AFCEB4FE6F08BDE3B3989264B21
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\pt_PT\messages.json	UTF-8 Unicode text, with CRLF line terminators	750A4800EDB93FBE56495963F9FB3B94	8BFB915488A4EB3CB33D68E2E59F1F8447DB7D61	C1C94F65FABAF17DEF98A8587711A56D61B1E5607500E9B01F2824DB109F9E83
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\ro\messages.json	UTF-8 Unicode text, with CRLF line terminators	98D43E4B1054A65DF3FA3CC40AB6FB6D	46E0A21C4DA2BB5D4D8F837AE211C1B6FA26E7E2	113A13900CBA62FE8AED06751971C23A80A99B47F9BE219CF884D57DB19611D9
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\ru\messages.json	UTF-8 Unicode text, with CRLF line terminators	DB2EDF1465946C06BD95C71A1E13AE64	FB4F3ECE9ECECEBBC6CA2A592A15FB9C1FDFB811	FBAF22CE6E16DE174CED8CB5EA3098CCA1C3426A2111FF33BD3E64DA64ED67AB
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\sk\messages.json	UTF-8 Unicode text, with CRLF line terminators	8DF215D1EFBDABB175CCDD68ED8DCB0A	2B374462137A38589A73FDD00A84CBDC7E50F9F4	7FA16AF97E6CFC52EC6008EB679D3F30E7E0C24F9EF2D18A9228EAF4DED9D63B
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\sl\messages.json	UTF-8 Unicode text, with CRLF line terminators	3943FA2A647AECEDFD685408B27139EE	0129DD19D28373359530B3B477FE8A9279DABB7D	18AFF072EE0DF7C3495045435C752A805606E6D5D462EF2321C443F1773F4B3A
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\sr\messages.json	UTF-8 Unicode text, with CRLF line terminators	D485DF17F085B6A37125694F85646FD0	24D51D8642CDC6EFD5D8D7A4430232D8CDE25108	7FFDE34C58E7C376C042DE64DEF6481DAE32BE8B70F0B18EDF536290CBE0C818
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\sv\messages.json	UTF-8 Unicode text, with CRLF line terminators	D372B8204EB743E16F45C7CBD3CAAF37	C96C57219D292B01016B37DCF82E7C79AD0DD1E8	B8BA77E0089B0676545EC16D32468B727812B444F90B33A7A5B748E6C36C4388
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\th\messages.json	UTF-8 Unicode text, with CRLF line terminators	83E2D1E97791A4B2C5C69926EFB629C9	429600425CB0F196DDD717F940E94DBD8BFF2837	2FECA577F43D97BAEEA464741D585892103585208FD0A935B810A03BDCE83C88
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\tr\messages.json	UTF-8 Unicode text, with CRLF line terminators	2CEAE0567B6BB1D240BBAD690A98CA3B	5944346FBD4A0797B13223895995CAB58E9ECD23	A7CB86F30C9C31FE5540282C308BA96ADB4EC16EF98C87129EB88105E5BEF5FC
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\uk\messages.json	UTF-8 Unicode text, with CRLF line terminators	AB0B56120E6B38C42CC3612BE948EF50	8B3F520E5713D9F116D68E71DAEED1F6E8D74629	68ABA284751EB9C856032062EF9B1651E2A1E5CE5FDA0977FFC97D63BA7BED9E
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\vi\messages.json	UTF-8 Unicode text, with CRLF line terminators	7EBB677FEAD8557D3676505225A7249A	F161B4B6001AEAEAB246FF8987F4D992B48D47BE	051F96ED874C11C4A13589B5F68964E4F5B03B52DDA223D56524F2CA23760C04
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\zh_CN\messages.json	UTF-8 Unicode text, with CRLF line terminators	BB73BF561BB79F89D9BF7C67C5AE5C65	2FADD3A1959B29C44830033A35C637D0311A8C9C	D804F2A040D21D7511EFD5213D8E1721D64964A1A0DBB48E21622CEEDC9D967E
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\_locales\zh_TW\messages.json	UTF-8 Unicode text, with CRLF line terminators	5FF50C673CC0C661D615F0CFD0E6DCA0	60DFF98DEAB9C4746B288BDD9C94B3BCAE5EAA85	C6F8C640F3353A7B9B1432A0C139C1AEEC40133800E6C9B467B63991AD660308
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\images\icon_128.png	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	4DBC9F9E6F5A08D299BAC9E54DF07694	BB38F5DE34B1E0BE1109220BA55271087A4D9EA5	91C2718DD23B4356D71F88F6146868369033291086DF327534546DFA459BEB0E
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\images\icon_16.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	FB9C46EA81AD3E456D90D58697C12C06	5FC450F7D73CCFAC8F0D818CB3392BA4D91B69DE	016CA659BA080E194FBFC0929602B16506ED60AA6019FAA51410C4FD93B583E8
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\CRX_INSTALL\manifest.json	ASCII text, with CRLF line terminators	01334FB9D092AF2AA46C4185E405C627	47AD3C0E82362FFE5B881DF8D71D6F79AB7F5796	F52714812D68C577A445169D11E84DF6751C2D6886BC429643072BB5D61C6C27
C:\Users\user\AppData\Local\Temp\scoped_dir5228_1943755729\ff7891e6-ecda-46c9-8a54-2bf2450ba0fb.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\3c6fa991-d7a6-41ac-9001-cbc844aa6839.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with CRLF line terminators	6F8E288A9AD5B1ED8633B430E2B4D4CA	F671D3D4BEFA431D1946D706F4192D44E29B6F08	A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with CRLF line terminators	1FDAFC926391BD580B655FBAF46ED260	C95743C3F43B2B099FEBEBC5BD850F0C20E820AC	C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\cs\messages.json	UTF-8 Unicode text, with CRLF line terminators	76DEC64ED1556180B452A13C83171883	CFB1E56FD587BCDC459C1D9A683B71F9849058F9	32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\da\messages.json	UTF-8 Unicode text, with CRLF line terminators	238B97A36E411E42FF37CEFAF2927ED1	4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0	4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\de\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B3E916E8C1991AA0453CBA00FEDCAAA	D6366D15912E40CA107FD42BFE9579C3336A51F9	A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\el\messages.json	UTF-8 Unicode text, with CRLF line terminators	05C437A322C1148B5F78B2F341339147	AB53003A678E44A170E73711FBD9949833BBF3AA	A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\en\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\en_GB\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\es\messages.json	UTF-8 Unicode text, with CRLF line terminators	82719BD3999AD66193A9B0BB525F97CD	41194D511F1ACC16C1CA828AC81C18C8C6B47287	4DB9B2721E625C18B9E05C04B31AF5D9694712F1CAAF6219ABE34BB08E5DB1C7
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\es_419\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B2583D8D1C147E36A69A88009CBEBC7	4D4DEEB4BE6AA0181825F3371A761ABC5B4D5937	6659BC3705311D7641A73995DCFEA80C7734F2F4EBBC3787B3892A240348324F
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\et\messages.json	UTF-8 Unicode text, with CRLF line terminators	CFF6CB76EC724B17C1BC920726CB35A7	14ED068251D65A840F00C05409D705259D329FFC	C85800BF45942FCC7FD6B1DF929C25F9CC2A977A6678966BD03D4B6B69889AFD
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\fi\messages.json	UTF-8 Unicode text, with CRLF line terminators	3A01FEE829445C482D1721FF63153D16	F3EAAADDC03F943FC88B30B67F534AA13E3336DD	0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\fil\messages.json	ASCII text, with CRLF line terminators	57AF5B654270A945BDA8053A83353A06	EEEF7A4F869F97CF471A05D345E74F982D15E167	EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\fr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8D11C90F44A6585B57B933AB38D1FFF8	3F9D44EA8807069A32AACA2AAAD02FD892E6CC90	599491F8C52B945C16C441ADF45BFD45AFAE046DA07757D97C56AF4DE75ED3B5
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\hi\messages.json	UTF-8 Unicode text, with CRLF line terminators	E376D757C8FD66AC70A7D2D49760B94E	1525C5B1312D409604F097768503298EC440CC4D	8106D98C4F8DA16DB698444409558E29CC96735E188BFA303C333A5D99231C1D
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\hr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8185D0490C86363602A137F9A261CC50	5BD933B874441CEACB9201CCC941FF67BAED6DC0	A2B2EC359A9DD9DCCCE02859CE1E738BD30FAA4A05F1DC522893FFDF722BBC15
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\hu\messages.json	UTF-8 Unicode text, with CRLF line terminators	85609CF8623582A8376C206556ED2131	1E16EB70DB5E59BB684866FF3E3925C2DEF25A12	32A249749F12ADB6A220BF9ADC272C7E5D9AD5497A38B0086D961E3ABA17FBC6
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\id\messages.json	ASCII text, with CRLF line terminators	EAB2B946D1232AB98137E760954003AA	60BDC2937905B311D2C9844DF2D639D7AC9F7F67	C6E8800450602DE0F39FE9F6854472383813FB454B08ABAE7E25A9167CE004C3
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\it\messages.json	UTF-8 Unicode text, with CRLF line terminators	A328EEF5E841E0C72D3CD7366899C5C8	2851ED658385804E87911643F5A4200B1FB26E13	CD891C45F7586FB4A2514205A11F260E4A6D4482FA03D901909DD9F57BE0536D
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\ja\messages.json	UTF-8 Unicode text, with CRLF line terminators	9B3A5D473C3F2BBFAEECE94A07A940B8	61BACA342CF766BBA15C7B4D892A0E7DAC9405AA	706312A4A2AEF3317223F141EB2B82685345B7EED444F16BB4DF3A272716DA1F
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\ko\messages.json	UTF-8 Unicode text, with CRLF line terminators	9F6B4D82A70C74CA751E2EAE70FAB5CF	0534F125FFCE8222277CF2BE3401C59DAF9217F8	D1467B8D037114403E8F4EFC52E88C4A7FEB96126BE4CFF883FEFF1084EF7E68
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\lt\messages.json	UTF-8 Unicode text, with CRLF line terminators	4CA644F875606986A9898D04BDAE3EA5	722A10569E93975129D67FBDB75B537D9D622AD1	7C311AB751D840D750C11553C083785813E079C1D464FE568A98C9E3EF3DB96C
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\lv\messages.json	UTF-8 Unicode text, with CRLF line terminators	C5CE2C51391EAFD3DA9E4C71549A3C28	1F67FF6EF6E90C0CE3AAF56ED543A3EFD381574D	1FA1DF2CA8516DEF490FB8484E9AA498ACFF80EEF5C9258FFE42D3678E6C7DED
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\nb\messages.json	UTF-8 Unicode text, with CRLF line terminators	93C459A23BC6953FF744C35920CD2AF9	162F884972103A08ADB616A7EB3598431A2924C5	2CD700AEB57D89C2E73333D0702556EE3FF3863516170F85669BC680FCBDC4E0
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\nl\messages.json	ASCII text, with CRLF line terminators	7A8F9D0249C680F64DEC7650A432BD57	53477198AEE389F6580921B4876719B400A23CA1	92BE7C2DC9CFBE5A65E9CE6488D364C8D7EC19E7B67A31E4D43C1CB2B169671C
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\pl\messages.json	UTF-8 Unicode text, with CRLF line terminators	0E6194126AFCCD1E3098D276A7400175	E8127B905A640B1C46362FA6E1127BE172F4A40F	E2699F98C511B18A2AFB82EAE9A4804B646C4FF1077D80E77C17A3943A6373C2
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\pt_BR\messages.json	UTF-8 Unicode text, with CRLF line terminators	86A2B91FA18B867209024C522ED665D5	63DEC245637818C76655E01FCB6D59784BC7184E	6374880FDD1F8AF1EE8AEA6A06B73BE0AB265AFCEB4FE6F08BDE3B3989264B21
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\pt_PT\messages.json	UTF-8 Unicode text, with CRLF line terminators	750A4800EDB93FBE56495963F9FB3B94	8BFB915488A4EB3CB33D68E2E59F1F8447DB7D61	C1C94F65FABAF17DEF98A8587711A56D61B1E5607500E9B01F2824DB109F9E83
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\ro\messages.json	UTF-8 Unicode text, with CRLF line terminators	98D43E4B1054A65DF3FA3CC40AB6FB6D	46E0A21C4DA2BB5D4D8F837AE211C1B6FA26E7E2	113A13900CBA62FE8AED06751971C23A80A99B47F9BE219CF884D57DB19611D9
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\ru\messages.json	UTF-8 Unicode text, with CRLF line terminators	DB2EDF1465946C06BD95C71A1E13AE64	FB4F3ECE9ECECEBBC6CA2A592A15FB9C1FDFB811	FBAF22CE6E16DE174CED8CB5EA3098CCA1C3426A2111FF33BD3E64DA64ED67AB
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\sk\messages.json	UTF-8 Unicode text, with CRLF line terminators	8DF215D1EFBDABB175CCDD68ED8DCB0A	2B374462137A38589A73FDD00A84CBDC7E50F9F4	7FA16AF97E6CFC52EC6008EB679D3F30E7E0C24F9EF2D18A9228EAF4DED9D63B
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\sl\messages.json	UTF-8 Unicode text, with CRLF line terminators	3943FA2A647AECEDFD685408B27139EE	0129DD19D28373359530B3B477FE8A9279DABB7D	18AFF072EE0DF7C3495045435C752A805606E6D5D462EF2321C443F1773F4B3A
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\sr\messages.json	UTF-8 Unicode text, with CRLF line terminators	D485DF17F085B6A37125694F85646FD0	24D51D8642CDC6EFD5D8D7A4430232D8CDE25108	7FFDE34C58E7C376C042DE64DEF6481DAE32BE8B70F0B18EDF536290CBE0C818
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\sv\messages.json	UTF-8 Unicode text, with CRLF line terminators	D372B8204EB743E16F45C7CBD3CAAF37	C96C57219D292B01016B37DCF82E7C79AD0DD1E8	B8BA77E0089B0676545EC16D32468B727812B444F90B33A7A5B748E6C36C4388
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\th\messages.json	UTF-8 Unicode text, with CRLF line terminators	83E2D1E97791A4B2C5C69926EFB629C9	429600425CB0F196DDD717F940E94DBD8BFF2837	2FECA577F43D97BAEEA464741D585892103585208FD0A935B810A03BDCE83C88
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\tr\messages.json	UTF-8 Unicode text, with CRLF line terminators	2CEAE0567B6BB1D240BBAD690A98CA3B	5944346FBD4A0797B13223895995CAB58E9ECD23	A7CB86F30C9C31FE5540282C308BA96ADB4EC16EF98C87129EB88105E5BEF5FC
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\uk\messages.json	UTF-8 Unicode text, with CRLF line terminators	AB0B56120E6B38C42CC3612BE948EF50	8B3F520E5713D9F116D68E71DAEED1F6E8D74629	68ABA284751EB9C856032062EF9B1651E2A1E5CE5FDA0977FFC97D63BA7BED9E
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\vi\messages.json	UTF-8 Unicode text, with CRLF line terminators	7EBB677FEAD8557D3676505225A7249A	F161B4B6001AEAEAB246FF8987F4D992B48D47BE	051F96ED874C11C4A13589B5F68964E4F5B03B52DDA223D56524F2CA23760C04
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\zh_CN\messages.json	UTF-8 Unicode text, with CRLF line terminators	BB73BF561BB79F89D9BF7C67C5AE5C65	2FADD3A1959B29C44830033A35C637D0311A8C9C	D804F2A040D21D7511EFD5213D8E1721D64964A1A0DBB48E21622CEEDC9D967E
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\_locales\zh_TW\messages.json	UTF-8 Unicode text, with CRLF line terminators	5FF50C673CC0C661D615F0CFD0E6DCA0	60DFF98DEAB9C4746B288BDD9C94B3BCAE5EAA85	C6F8C640F3353A7B9B1432A0C139C1AEEC40133800E6C9B467B63991AD660308
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\images\icon_128.png	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	4DBC9F9E6F5A08D299BAC9E54DF07694	BB38F5DE34B1E0BE1109220BA55271087A4D9EA5	91C2718DD23B4356D71F88F6146868369033291086DF327534546DFA459BEB0E
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\images\icon_16.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	FB9C46EA81AD3E456D90D58697C12C06	5FC450F7D73CCFAC8F0D818CB3392BA4D91B69DE	016CA659BA080E194FBFC0929602B16506ED60AA6019FAA51410C4FD93B583E8
C:\Users\user\AppData\Local\Temp\scoped_dir5228_603165550\CRX_INSTALL\manifest.json	ASCII text, with CRLF line terminators	01334FB9D092AF2AA46C4185E405C627	47AD3C0E82362FFE5B881DF8D71D6F79AB7F5796	F52714812D68C577A445169D11E84DF6751C2D6886BC429643072BB5D61C6C27

ID:	404286
Product:	CloudBasic
Start time:	21:36:19
Start date:	04.05.2021
Sample:	reflective_practice_template_nhs[1].pdf
Cookbook:	defaultwindowspdfcookbook.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	bd93c6b39cf6fbfb5f2009a320f70ab2
SHA1:	bc2b60452dbe4994d0d1d8ab2a769b278a5cd58d
SHA256:	834c0a2229054d27ad6ce7ff422a332cd18694bd828c4a4b3a4745b0086fe144
Filetype:	Adobe Portable Document Format (5005/1) 100.00%

Analysis Report reflective_practice_template_nhs[1].pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Compliance:

Software Vulnerabilities:

Networking:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains