Windows Analysis Report https://pinnaclepetroleuminc.godaddysites.com/

Overview

General Information

Sample URL: https://pinnaclepetroleuminc.godaddysites.com/
Analysis ID: 448978

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Detected potential crypto function
Queries the volume information (name, serial number etc) of a device
Uses code obfuscation techniques (call, push, ret)

Process Tree

  • System is w10x64
  • cmd.exe (PID: 4232 cmdline: C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://pinnaclepetroleuminc.godaddysites.com/' > cmdline.out 2>&1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
    • conhost.exe (PID: 4952 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • wget.exe (PID: 5720 cmdline: wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://pinnaclepetroleuminc.godaddysites.com/' MD5: 3DADB6E2ECE9C4B3E1E322E617658B60)
  • chrome.exe (PID: 720 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'C:\Users\user\Desktop\download\index.html' MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6024 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,16974770309779326767,15486729119825007596,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1772 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown HTTPS traffic detected: 72.167.191.83:443 -> 192.168.2.3:49714 version: TLS 1.2

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic Snort IDS: 466 ICMP L3retriever Ping 192.168.2.3: -> 23.10.249.73:
Source: unknown DNS traffic detected: queries for: pinnaclepetroleuminc.godaddysites.com
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmpString found in binary or memory: http://certificates.godaddy.com/repository/0
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmpString found in binary or memory: http://certificates.godaddy.com/repository/gdig2.crt
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmpString found in binary or memory: http://certificates.godaddy.com/repository/gdig2.crt0
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmp, wget.exe, 00000003.00000002.211956778.0000000000CF5000.00000004.00000040.sdmp, cmdline.out.3.drString found in binary or memory: http://certs.godaddy.com/repository/
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmpString found in binary or memory: http://certs.godaddy.com/repository/1301
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmpString found in binary or memory: http://crl.godaddy.com/gdig2s1-2115.crl
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmpString found in binary or memory: http://crl.godaddy.com/gdig2s1-2115.crl0
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmpString found in binary or memory: http://crl.godaddy.com/gdig2s1-2115.crlV
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmpString found in binary or memory: http://crl.godaddy.com/gdroot-g2.crl
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmpString found in binary or memory: http://crl.godaddy.com/gdroot-g2.crl0F
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmpString found in binary or memory: http://crl.godaddy.com/gdroot-g2.crlM
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmpString found in binary or memory: http://crl.godaddy.com/gdroot-g2.crlj
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.godaddy.com/
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.godaddy.com/0
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.godaddy.com/05
Source: index.html.3.drString found in binary or memory: http://scripts.sil.org/OFL
Source: manifest.json0.6.dr, 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.drString found in binary or memory: https://accounts.google.com
Source: manifest.json0.6.dr, 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.drString found in binary or memory: https://apis.google.com
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmpString found in binary or memory: https://certs.godaddy.com/repository/
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.drString found in binary or memory: https://clients2.google.com
Source: manifest.json0.6.drString found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.drString found in binary or memory: https://clients2.googleusercontent.com
Source: manifest.json0.6.drString found in binary or memory: https://content.googleapis.com
Source: 83efb3ab-45cc-4f9a-b960-a2a9c2594ccb.tmp.7.dr, 0786e044-ff35-44fc-9ee5-40f554e01a64.tmp.7.dr, 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.drString found in binary or memory: https://dns.google
Source: manifest.json0.6.drString found in binary or memory: https://feedback.googleusercontent.com
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.drString found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.6.drString found in binary or memory: https://fonts.googleapis.com;
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmp, 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.drString found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.6.drString found in binary or memory: https://fonts.gstatic.com;
Source: manifest.json0.6.drString found in binary or memory: https://hangouts.google.com/
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmpString found in binary or memory: https://img1.wsimg.com
Source: index.html.3.drString found in binary or memory: https://img1.wsimg.com/isteam/ip/2c799769-c520-435d-aaec-05af746a3db0/image_2021-07-14_175004.png
Source: wget.exe, 00000003.00000002.212557894.0000000002BA9000.00000004.00000001.sdmpString found in binary or memory: https://isteam.wsimg.com
Source: wget.exe, 00000003.00000003.211516799.0000000002BA8000.00000004.00000001.sdmpString found in binary or memory: https://kenyavalleyapt.buzz/info28962/proposal62271299
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.drString found in binary or memory: https://ogs.google.com
Source: manifest.json.6.drString found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: wget.exe, 00000003.00000002.211937943.0000000000B10000.00000004.00000020.sdmp, cmdline.out.3.dr, index.html.3.drString found in binary or memory: https://pinnaclepetroleuminc.godaddysites.com/
Source: wget.exe, 00000003.00000003.211527973.0000000002B68000.00000004.00000001.sdmpString found in binary or memory: https://pinnaclepetroleuminc.godaddysites.com/M
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.drString found in binary or memory: https://play.google.com
Source: 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.drString found in binary or memory: https://r3---sn-1gieen7e.gvt1.com
Source: 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.drString found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.6.drString found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.drString found in binary or memory: https://ssl.gstatic.com
Source: messages.json72.6.drString found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json72.6.drString found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: index.html.3.drString found in binary or memory: https://www.fontsquirrel.com/license/league-spartan
Source: wget.exe, 00000003.00000002.212548294.0000000002B9F000.00000004.00000001.sdmp, wget.exe, 00000003.00000002.212554022.0000000002BA7000.00000004.00000001.sdmp, index.html.3.drString found in binary or memory: https://www.godaddy.com/websites/website-builder?isc=pwugc&utm_source=wsb&utm_medium=applica
Source: manifest.json0.6.dr, 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.drString found in binary or memory: https://www.google.com
Source: manifest.json.6.drString found in binary or memory: https://www.google.com/
Source: manifest.json0.6.drString found in binary or memory: https://www.google.com;
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.drString found in binary or memory: https://www.googleapis.com
Source: manifest.json.6.drString found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.6.drString found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.6.drString found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.6.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.6.drString found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.6.drString found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.6.drString found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.6.drString found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.6.drString found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.6.drString found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.6.drString found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.6.drString found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.6.drString found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp.7.dr, 992a1d58-1303-4672-b8f3-bf40ed48004b.tmp.7.drString found in binary or memory: https://www.gstatic.com
Source: manifest.json0.6.drString found in binary or memory: https://www.gstatic.com;
Source: unknown Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49757
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_00D2EB80 3_2_00D2EB80
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_00D2A21A 3_2_00D2A21A
Source: classification engine Classification label: mal48.win@36/175@4/5
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Windows\SysWOW64\cmd.exe File created: C:\Users\user\Desktop\cmdline.out
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4952:120:WilError_01
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\f400f45c-e7e1-4864-8907-8ceadf68bd67.tmp
Source: C:\Windows\SysWOW64\wget.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\SysWOW64\wget.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: unknown Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://pinnaclepetroleuminc.godaddysites.com/' > cmdline.out 2>&1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P 'C:\Users\user\Desktop\download' --no-check-certificate --content-disposition --user-agent='Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko' 'https://pinnaclepetroleuminc.godaddysites.com/'
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation -- 'C:\Users\user\Desktop\download\index.html'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1548,16974770309779326767,15486729119825007596,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1772 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\SysWOW64\wget.exe Code function: 3_2_00D2F903 push 00000078h; retf 3_2_00D2F905
Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: wget.exe Binary or memory string: Hyper-V RAW
Source: wget.exe, 00000003.00000002.211971311.0000000000D18000.00000004.00000020.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\SysWOW64\wget.exe Queries volume information: C:\Users\user\Desktop\download VolumeInformation
Source: C:\Windows\SysWOW64\wget.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Mitre Att&ck Matrix

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | Windows Management Instrumentation | Path Interception | Process Injection 1 | Masquerading 3 | OS Credential Dumping | Security Software Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Process Injection 1 | LSASS Memory | System Information Discovery 12 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information 1 | Security Account Manager | Remote System Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source | Detection | Scanner | Label | Link
https://pinnaclepetroleuminc.godaddysites.com/ | 0% | Avira URL Cloud | safe |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source | Detection | Scanner | Label | Link
https://dns.google | 0% | URL Reputation | safe |
https://dns.google | 0% | URL Reputation | safe |
https://dns.google | 0% | URL Reputation | safe |
https://kenyavalleyapt.buzz/info28962/proposal62271299 | 0% | Avira URL Cloud | safe |

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
googlehosted.l.googleusercontent.com | 172.217.168.33 | true | false | | high
pinnaclepetroleuminc.godaddysites.com | 72.167.191.83 | true | false | | high
img1.wsimg.com | unknown | unknown | false | | high
clients2.googleusercontent.com | unknown | unknown | false | | high

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
file:///C:/Users/user/Desktop/download/index.html | true | | low

Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
72.167.191.83 | pinnaclepetroleuminc.godaddysites.com | United States | 26496 | AS-26496-GO-DADDY-COM-LLCUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
172.217.168.33 | googlehosted.l.googleusercontent.com | United States | 15169 | GOOGLEUS | false

Private

IP
192.168.2.1
127.0.0.1

                                                          General Information

                                                          Joe Sandbox Version:33.0.0 White Diamond
                                                          Analysis ID:448978
                                                          Start date:14.07.2021
                                                          Start time:22:31:39
                                                          Joe Sandbox Product:CloudBasic
                                                          Overall analysis duration:0h 6m 6s
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Cookbook file name:urldownload.jbs
                                                          Sample URL:https://pinnaclepetroleuminc.godaddysites.com/
                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                          Number of analysed new started processes analysed:29
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:0
                                                          Technologies:
                                                          • HCA enabled
                                                          • EGA enabled
                                                          • HDC enabled
                                                          • AMSI enabled
                                                          Analysis Mode:default
                                                          Analysis stop reason:Timeout
                                                          Detection:MAL
                                                          Classification:mal48.win@36/175@4/5
                                                          EGA Information:Failed
                                                          HDC Information:Failed
                                                          HCA Information:
                                                          • Successful, ratio: 100%
                                                          • Number of executed functions: 0
                                                          • Number of non-executed functions: 1
                                                          Cookbook Comments:
                                                          • Adjust boot time
                                                          • Enable AMSI
                                                          Warnings:
                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                          • Excluded IPs from analysis (whitelisted)
                                                          • Excluded domains from analysis (whitelisted)
                                                          • Execution Graph export aborted for target wget.exe, PID 5720 because there are no executed function
                                                          • Not all processes where analyzed, report is missing behavior information
                                                          • Report size getting too big, too many NtCreateFile calls found.
                                                          • Report size getting too big, too many NtOpenFile calls found.
                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                          • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                          • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                          • VT rate limit hit for: https://pinnaclepetroleuminc.godaddysites.com/

                                                          Simulations

                                                          Behavior and APIs

                                                          No simulations

                                                          Joe Sandbox View / Context

                                                          IPs

                                                          No context

                                                          Domains

                                                          No context

                                                          ASN

                                                          No context

                                                          JA3 Fingerprints

                                                          No context

                                                          Dropped Files

                                                          No context

                                                          Created / dropped Files

                                                          C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):451603
                                                          Entropy (8bit):5.009711072558331
                                                          Encrypted:false
                                                          SSDEEP:12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
                                                          MD5:A78AD14E77147E7DE3647E61964C0335
                                                          SHA1:CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
                                                          SHA-256:0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
                                                          SHA-512:DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
                                                          Malicious:false
                                                          Reputation:low
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\0cbc4fd3-e92e-4f54-9c67-19a2090b31ee.tmp
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):173763
                                                          Entropy (8bit):6.080157791737749
                                                          Encrypted:false
                                                          SSDEEP:3072:Pe2i005h14shd52ieCF8aM7ccCvd2IwZf6nFcbXafIB0u1GOJmA3iuRI:2y0Rbh9IHNmMMaqfIlUOoSiuRI
                                                          MD5:A57B794C4A53B3E1B129C18A207B64C5
                                                          SHA1:4AC072D55EB51A0B5B737C6893370C05C943C905
                                                          SHA-256:32ACA17D32781C9D9CDAEF2FBAA37F58A2C7B6129ACA7EC8C48A46ED466D7793
                                                          SHA-512:BE11B45B3D9CCC7FA1BFAFBD15739C3F797F159EB8C959C5B1A45055983064A2B8F94A5CA1213258B4FA7C90BCFB06657D217A93D222E958F8A1DDA1225E7966
                                                          Malicious:false
                                                          Reputation:low
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\151b273a-95b9-4bb3-929a-3ff50c9e195d.tmp
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):95428
                                                          Entropy (8bit):3.751927106779627
                                                          Encrypted:false
                                                          SSDEEP:384:9oBmrcTvVWchiZlViY/6Nfr8vLR3crVoHxkGwPrK1PXxMp1Rkr+3meKQWB/v3IOj:mBmDSaFVWpgU4enTZVovPKFK/dLNJ
                                                          MD5:AA16D0043ACA9369544B01A02ED8AAC3
                                                          SHA1:5ABCDE2D34C75066CDA0205B406C828A45FFF78C
                                                          SHA-256:9E0E30FA2F6E20ECFE95644CE15F4D391A67D138792AA42C56E807F2E9D33576
                                                          SHA-512:243539FE99D2152BFB955141D107510DC08E2BB03343DD11D135FE1297A6A6A1E27903928F88D0F2E36B5E8CED60C4F450082A64D1F32866D45C8D5D023435D2
                                                          Malicious:false
                                                          Reputation:low
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\1644f104-b3fc-4a99-922e-6ef443270d6b.tmp
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):165399
                                                          Entropy (8bit):6.050335465516837
                                                          Encrypted:false
                                                          SSDEEP:3072:3i005h14shd52ieCF8aM7ccCvd2IwZf6nFcbXafIB0u1GOJmA3iuRI:h0Rbh9IHNmMMaqfIlUOoSiuRI
                                                          MD5:5C34CC9514A70FA8BAC360692C7569F2
                                                          SHA1:DA43307B6C43D15CA5BC0855F3BA81627B6F69EF
                                                          SHA-256:2255EEFAAF5F48016BDBC8D3A7F3A4E086AF29AF2D2D28A01577BB2AF06932EB
                                                          SHA-512:29884846B76FCE017C9A10FF7D1B479B456A4FD7CDF90B7750709316C5A80684DF4519AA055012DFBDB5A4E80DB0ED4C3DC03594C1037A5A54EEEA5B96F07AC2
                                                          Malicious:false
                                                          Reputation:low
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\29a7f201-52f4-47a7-9151-d0a07624b5ae.tmp
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):173763
                                                          Entropy (8bit):6.08015923911749
                                                          Encrypted:false
                                                          SSDEEP:3072:Pe29005h14shd52ieCF8aM7ccCvd2IwZf6nFcbXafIB0u1GOJmA3iuRI:m10Rbh9IHNmMMaqfIlUOoSiuRI
                                                          MD5:A8906CB7740D4095DBA0648905142E83
                                                          SHA1:D81ED85F65D0D8E880D378C027BE8E9058AB7A12
                                                          SHA-256:2FE232E2D72822BC345E2CE357A80BC1CA3D4CF954EE57766265D5A096DB8D80
                                                          SHA-512:C9F7FF0095DA189E78DFF7ED80CE1A0CEEF036B05A4BFBDD5C8D53C6E4014F844AC7A54DB5440101335A76B7899D63CEAA0FC4016D9C0E14C19347F092FD14EF
                                                          Malicious:false
                                                          Reputation:low
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\402ca87a-27a9-4a62-8f05-a338a2f3aa25.tmp
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):165399
                                                          Entropy (8bit):6.050335465516837
                                                          Encrypted:false
                                                          SSDEEP:3072:3i005h14shd52ieCF8aM7ccCvd2IwZf6nFcbXafIB0u1GOJmA3iuRI:h0Rbh9IHNmMMaqfIlUOoSiuRI
                                                          MD5:5C34CC9514A70FA8BAC360692C7569F2
                                                          SHA1:DA43307B6C43D15CA5BC0855F3BA81627B6F69EF
                                                          SHA-256:2255EEFAAF5F48016BDBC8D3A7F3A4E086AF29AF2D2D28A01577BB2AF06932EB
                                                          SHA-512:29884846B76FCE017C9A10FF7D1B479B456A4FD7CDF90B7750709316C5A80684DF4519AA055012DFBDB5A4E80DB0ED4C3DC03594C1037A5A54EEEA5B96F07AC2
                                                          Malicious:false
                                                          Reputation:low
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\97fcb909-f843-4c64-a337-9a78a5a6613e.tmp
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):92724
                                                          Entropy (8bit):3.751599543251354
                                                          Encrypted:false
                                                          SSDEEP:384:zoBmrcTvVWctZ+/6Nfr8vLR3crVoHxkGwPrK1PXxMp1Rkr+3meJWB/v3IOpZHNGp:EBmcaFVWp8U4enTZVovPKFK/dLNs
                                                          MD5:801E3FC2390B9F60C053DC71D0B4A6D2
                                                          SHA1:808C3CDD781A0D88BECD7BE3A3E8B37B70FC5994
                                                          SHA-256:1C619DC723C83ED5D2BEEED714D65B3022A1438EC86ED89D71FB48272B0525B5
                                                          SHA-512:83C8B930DB532A3F8EB0028319AA373EDFDDAB004783A59B99036BB78B9CF95BB87A9D5A9018E0FC8C0E8F10A279919B30CDE843992FDDD51321FBA9EEA7D082
                                                          Malicious:false
                                                          Reputation:low
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):120
                                                          Entropy (8bit):3.254162526001658
                                                          Encrypted:false
                                                          SSDEEP:3:FkXft0xE1G1mstft0xE1G1mstft0xE1n:+ftIE1G1mkftIE1G1mkftIE1n
                                                          MD5:E9224A19341F2979669144B01332DF59
                                                          SHA1:F7F760C7104457DF463306A7F7BAE0142EFCEB5B
                                                          SHA-256:47DD519C226D23F203ACAE0EC44DF9BB6208828E24F726E1602EA52F63C3E2BE
                                                          SHA-512:4184302DEB5009D767FECFC150F580DD57D5CF9CF3BFEB7E52C9F3340E5E6499251B9F0DFF37F0454411FED9046880E0A9204312D021294256372C916B8155AC
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview: sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0d8b8803-4945-4ebd-b34b-3162b3dff053.tmp
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):4219
                                                          Entropy (8bit):4.871684703914691
                                                          Encrypted:false
                                                          SSDEEP:48:YXsJjMH+5s7YMHBKsvxMHVzspxMHbsIHt/soBDysKqnsllzMHpDCLsWJMHLsNuMg:RG+ZGJG+GTTD7IGpD+G7Gp2GnG4GVhH
                                                          MD5:EDC4A4E22003A711AEF67FAED28DB603
                                                          SHA1:977E551B9ED5F60D018C030B0B4AA2E33B954556
                                                          SHA-256:DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453
                                                          SHA-512:84D3930579FD73C7D86144D5CDC636436955BA79759273C740D2D72BC4847F2F7F165BBCA3EB2E4DFB01777D6A5F141623278C1BF74615C5A491092CE3FD1602
                                                          Malicious:false
                                                          Reputation:low
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0e3da781-2534-49cf-aa97-12d55abc2677.tmp
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:very short file (no magic)
                                                          Category:dropped
                                                          Size (bytes):1
                                                          Entropy (8bit):0.0
                                                          Encrypted:false
                                                          SSDEEP:3:L:L
                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview: .
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1611abed-3e3b-4275-8567-0780cf639c79.tmp
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):4842
                                                          Entropy (8bit):4.952716906365969
                                                          Encrypted:false
                                                          SSDEEP:48:YcLUklSLklwHjecBqA8dqTlYqlQKHoTw0FH3CH3G/s8C1Nfct/9BhUJo3KhmeSnz:nLCtoXMpcKIFok0JCKL8VbOTQVuwn
                                                          MD5:5643A9B3CB102CC3A766779F1F95D102
                                                          SHA1:94CAB56AADF711A77F05A7E5F56A80756EB6FB9F
                                                          SHA-256:EDEC6E04B824BD16D4CCBC32A2D2D04840B546961F0BFB35525CF97E8DE2B70E
                                                          SHA-512:84460AC09D4C80F27A3057B2FFC264EF8CA2010DB6E7894E5352D9A15E8B75A00202C4A12DDC5E989DB7B2F651598AF735D25748A160669DDC546BF6E822CC10
                                                          Malicious:false
                                                          Reputation:low
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\316b0ec4-125d-4a3a-bf8c-098ccb0b9329.tmp
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):1039
                                                          Entropy (8bit):5.568491184256563
                                                          Encrypted:false
                                                          SSDEEP:24:YI6H0UhVsTG1KUerkq/HeUeXby2qUeXvVb7wUURUenHQ:YI6UUhVseKUewqPeUer2UefpwUYUenw
                                                          MD5:A5BF5AFF95CC424118CC57C2ADEA7226
                                                          SHA1:CF8623B432B6412F31D53F809CAC7A664186AF62
                                                          SHA-256:C9F7C1D5F0F55DDA2DE85C25CB1A24724A67357CE4465178FB9C5FE932DD07D0
                                                          SHA-512:B271C739AD3CDF2053C6ECF68677D89997264D565545F0113FED3CC953CBF2215A4BA2C009E51B31C63495A42452EB4CAEA78F4DBEF90F6B2F7EE14FB2EF6BFF
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview: {"expect_ct":[],"sts":[{"expiry":1633014077.350499,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601478077.350503},{"expiry":1633014077.22511,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478077.225114},{"expiry":1633014092.4175,"host":"0J7rAWV0ouCFYJ9XrkDiKnAO1SshXJmLJE1SS3V8kDM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478092.417504},{"expiry":1633014091.91938,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478091.919383},{"expiry":1657863159.830438,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1626327159.830442},{"expiry":1633014077.462534,"host":"+ccWXqaoHJ9hfuXbleKV6FQUrBlyXAJ31BdqjNQJpHs=","mode":"force-https","sts_include_subdomains":false,"sts_obs
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3af28d95-9893-4375-8133-e589123dfe5c.tmp
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:UTF-8 Unicode text, with very long lines, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):16745
                                                          Entropy (8bit):5.57805272700769
                                                          Encrypted:false
                                                          SSDEEP:384:vDLtALlOfX71kXqKf/pUZNCgVLH2HfDLrU408zl4C:6LlY71kXqKf/pUZNCgVLH2Hf3rU40ElJ
                                                          MD5:41B9BD978443BCAA6FAB460FAE4E4B2B
                                                          SHA1:F198E6A071A0B0BB95DF9DE52FBD08FDC0ABBCCC
                                                          SHA-256:513ACAAFFD002A31FA6BF7AE60030F3EFE3D8B32D14E7E38767311FBFC0808F4
                                                          SHA-512:02CDEE0DD5F1623EDC0F9B875BE88C2F8DD4D606D1DFA5B4D7B95861C844677F6A43AB55FFBE76DEC61E0FEFA41056FB948A2ADF0A40CF9A0A0D1AB11DB1D4F9
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview: {"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13270800754783955","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4562018f-a862-4bef-9425-24ef61cae3b9.tmp
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):5499
                                                          Entropy (8bit):5.181263494290372
                                                          Encrypted:false
                                                          SSDEEP:96:nLCtyrMXaCWccKInok0JCKL8fbOTQVuwn:nLCKMxcs4Kg
                                                          MD5:A3A1AE62D5AD93EBF898E9B5020BAC9E
                                                          SHA1:16DF2FA9B885580F4A96E0410CF6BC3A29828046
                                                          SHA-256:5FC16D8F617B003A1AD30A79DB2457368C9489D0A4E9ABA4AB963A84590CB2BC
                                                          SHA-512:D8557BAC976B226329EDD2CF88797B094FD6CB3519F542AD62143C430BB29C2385C56C54537CEDEA8349AC81DF4A49C3C9633FF67A0C7375574D37204D9470EC
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13270800755031630","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5e317d77-67f5-413b-add0-513d376907fd.tmp
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):5473
                                                          Entropy (8bit):5.178000121877279
                                                          Encrypted:false
                                                          SSDEEP:96:nLCtPrMXaCWccKInok0JCKL8VbOTQVuwn:nLChMxcs4K6
                                                          MD5:8B50349F5824AB0503854572A4DF29B5
                                                          SHA1:D9A47C1625E0C7CB1BF86316EC24B19F7ECB0475
                                                          SHA-256:E62CA5198D5824BE149048F5AF200E8FBF24502BCE11DBB557A9AB00C5F5D2FD
                                                          SHA-512:8235FC73F264C00C037FD87BD81937D62D600C8B505EC9D594A5B151900085663A358351D5EEF7F53EAE56A082FC5E68B08885D23D0F652ED73B1BB584AD048B
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview: {"account_id_migration_state":2,"account_tracker_service_last_update":"13270800755031630","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\992a1d58-1303-4672-b8f3-bf40ed48004b.tmp
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines, with no line terminators
                                                          Category:modified
                                                          Size (bytes):2073
                                                          Entropy (8bit):4.8950426054163065
                                                          Encrypted:false
                                                          SSDEEP:48:Y2TntwCXGDHz5shRLs4ZTscAShswJtyKsw3zsgMHuOYhbD:JTnOCXGDHz2XZ6CP5FGUhH
                                                          MD5:8E631E00C9252980BB7FEE91A4429770
                                                          SHA1:0081ABA40C438BAC394B696D7F8F5C5E4775A52A
                                                          SHA-256:6FB3C6C4182F25A710081468121180ED79EE98DDEE6F72A7384F8DE5C2AC087F
                                                          SHA-512:0A14FFA81AF1DF36FE3AD337D51FB68F5B6FED71769F8D48129C80EA516D3F868BA974DAFC616AE42974FAC52B96083336056CC69E22C5912A5A072231626102
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview: {"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://play.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13273392759830389","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13273392759877068","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://redirector.gvt1.com","suppo
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text
                                                          Category:dropped
                                                          Size (bytes):334
                                                          Entropy (8bit):5.184814857606651
                                                          Encrypted:false
                                                          SSDEEP:6:mk+YDUM+q2PWXp+N23iKKdK9RXXTZIFUtpz+YDjZmwPz+YDwMVkwOWXp+N23iKKU:NYM+va5Kk7XT2FUtp9n/P9MMV5f5Kk73
                                                          MD5:AEB64F2FEF0DE50183B75A9338401A6F
                                                          SHA1:DE0FDA565737A11EDDFF468E7EF507DC0FF603C4
                                                          SHA-256:409A3227D37D8C51B20D03C2F7357E68B15E150D45FFF58A31CB6CD2C986C7C8
                                                          SHA-512:9234DB3C71EF78E843FA7405B614BFF729EA3502A98D4CF66216E50711A86645597B24E783417D91A86BAE621943E889CD84F7F3A1B2A7A2C7F52F0B259D17DE
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview: 2021/07/14-22:33:00.317 11fc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/07/14-22:33:00.319 11fc Recovering log #3.2021/07/14-22:33:00.322 11fc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text
                                                          Category:dropped
                                                          Size (bytes):318
                                                          Entropy (8bit):5.200973573763091
                                                          Encrypted:false
                                                          SSDEEP:6:mk+YDX8M+q2PWXp+N23iKKdKyDZIFUtpz+YDX/mZmwPz+YDXaRpMVkwOWXp+N23m:NL8M+va5Kk02FUtp9L/m/P9LSpMV5f5A
                                                          MD5:8F4FB58A79C94C8AE144B94529F7127F
                                                          SHA1:2CCC4EB6563174EC875D165C40F4ED51670719D2
                                                          SHA-256:555C94F6AE317A45FD0AF8610367C8393B8B9842BA385080D62A444D8AAF71F2
                                                          SHA-512:CAC2078B9A10530A4F663902B98066BB096AF05FC99C87CC6C635334AE984B8DF59B1B2040A19135E1FB5D0BDC8FA61622E6DFD483F54BB115CFE70A55557E9C
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview: 2021/07/14-22:33:00.270 11fc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/07/14-22:33:00.288 11fc Recovering log #3.2021/07/14-22:33:00.289 11fc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                          Category:dropped
                                                          Size (bytes):12288
                                                          Entropy (8bit):0.6863571317626186
                                                          Encrypted:false
                                                          SSDEEP:12:TLyen4ufFdbXGwcFOaOndOtJRbGMNmt2SH/+eVpUHFxOUwae6:TLyqJLbXaFpEO5bNmISHn06Uwd
                                                          MD5:1C0EAEEE6463CAE33B7A7CD9D9DF4DA5
                                                          SHA1:FBC6A28A1501E40154FDC0A9D0C2F34A5F88AA65
                                                          SHA-256:ED8AE7C5E6885874A39F4E86258F552670352A18D29BE1FF4D372A2F4CD06C8A
                                                          SHA-512:355D19828609971998B09B36E7C7D304B7FB88C7A726670BEBF5CF2E2710F8E71B0F9DEF6FE9712B484C1EB122AEEEFDECF31D13E02C4539C399DFB86EC7619F
                                                          Malicious:false
                                                          Reputation:low
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):12836
                                                          Entropy (8bit):0.968280110875314
                                                          Encrypted:false
                                                          SSDEEP:24:X4FcLgAZOZD/pqLbJLbXaFpEO5bNmISHn06Uwat8:oF8NOZpq5LLOpEO5J/Kn7U5t8
                                                          MD5:82DBBC381CFB80C3E1356E0449815535
                                                          SHA1:ADD71FEB9E99ECDA6E46C9D75FE201EF3E2A49DE
                                                          SHA-256:54450B6C16C2D94DA4DA00322F5CCA4C323EF6D54F8F9DDE14C24D678E03A803
                                                          SHA-512:7277AB9247CD36E9B8D452CAE6D9FF6E9A4A93F0CC04B9435C0A1817856448C75D6D5AC39F9CFDC19FD1FF6D5DC926F91A99823174951CBC7528C972CBD37AEF
                                                          Malicious:false
                                                          Reputation:low
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):968
                                                          Entropy (8bit):3.388890081545902
                                                          Encrypted:false
                                                          SSDEEP:12:3olydJhHnKKtiPlpxlpN8kIyTJWBBKjmy/rlaKtf3/JzEKBBKjmVXV:34SJKuIlrlAKWDWmy5BHDWmVXV
                                                          MD5:8EBA40245A71FD632CC33593B7F9282B
                                                          SHA1:058F282D57F79BB338B26FFEBC9299D8C9774446
                                                          SHA-256:E41606C5FC51C834C7855B3E6E5E60DAE552BC7F81286DF2CDBCED52B2A8BE85
                                                          SHA-512:D3572DC5B4B87AFE8116DCE94B7BA49C483DBFC220275CE6687F07067DF520E07F54F11494BC9DC3D5D46AC1746F337B3A35DB2A1EAD6D0F151032F1C22398B4
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview: SNSS....................................................!.............................................1..,.......$...59825c8c_b0ee_4005_94a5_218e01ce41ba........................M.................................................................................5..0.......&...{524A03AB-861D-4591-9B4E-BDD69F9D425A}................|...........2...file:///C:/Users/user/Desktop/download/index.html......................................................h.......`.......................................................z.m."...{.m."...........(...............................l...2...f.i.l.e.:./././.C.:./.U.s.e.r.s./.h.a.r.d.z./.D.e.s.k.t.o.p./.d.o.w.n.l.o.a.d./.i.n.d.e.x...h.t.m.l.....................................8.......0.......8....................................................................... .......................................................2...file:///C:/Users/user/Desktop/download/index.html...........%/.............................................
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):8
                                                          Entropy (8bit):1.8112781244591325
                                                          Encrypted:false
                                                          SSDEEP:3:3Dtn:3h
                                                          MD5:0686D6159557E1162D04C44240103333
                                                          SHA1:053E9DB58E20A67D1E158E407094359BF61D0639
                                                          SHA-256:3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
                                                          SHA-512:884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview: SNSS....
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):164
                                                          Entropy (8bit):4.391736045892206
                                                          Encrypted:false
                                                          SSDEEP:3:FQxlXayz/t2Hmwg0EOZL7Ao4uhFkEuRLKyC5Ei5+Gg:qT5z/t2qoEwhXeLKB
                                                          MD5:0A906A9A542CDF08FF50DAAF1D1E596E
                                                          SHA1:B97D6274196F40874A368C265799F5FA78C52893
                                                          SHA-256:EB9CABBF5FDA1AD535300B0110EAA4068A083248BA928A631C9278545935426D
                                                          SHA-512:8795E905B711ADE6B1C4B402D50AF491B64D157AA738669482DDBFC30E857DF970BFFB774A925F3F4A0802BD27AFAF939CE140894FF09B67FB9C0BB83ED4491A
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview: .f.5................i.Wd...............Sgdaefkejpgkiemlaofpalmlakkmbjdnl.declarative_rules.declarativeContent.onPageChanged.[]..F..................F................
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text
                                                          Category:dropped
                                                          Size (bytes):320
                                                          Entropy (8bit):5.208207240776643
                                                          Encrypted:false
                                                          SSDEEP:6:mk+/eVq2PWXp+N23iKKdK8aPrqIFUtpz+/0QYgZmwPz+/aVSIkwOWXp+N23iKKdr:QeVva5KkL3FUtpggg/PgeSI5f5KkQJ
                                                          MD5:70C3B50785B6DC2411CF85999BB9E7BE
                                                          SHA1:1F1C32282926E48740F8F076BAECA36E78CF1AF5
                                                          SHA-256:8611846297A02924639A49B4E772F5B36927C48D88B1D2FAAF785CF1DF2AA64D
                                                          SHA-512:1F921CD4079376BDE18689A279E6796687E648B749F409943FE0D49450C8B6554D414B593C0AF62599F064B109CE02A39F6E6050CA4F29DF8986163129541B96
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview: 2021/07/14-22:32:35.046 12e0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/07/14-22:32:35.048 12e0 Recovering log #3.2021/07/14-22:32:35.049 12e0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:data
                                                          Category:dropped
                                                          Size (bytes):570
                                                          Entropy (8bit):1.8784775129881184
                                                          Encrypted:false
                                                          SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
                                                          MD5:D4BA0AE0BB0B9FAFF3DA6F35FDBC3C8A
                                                          SHA1:FB3E9DEC7F35A9B1D94E54A5659DD0DE484055E7
                                                          SHA-256:99DEF1B557F19F04C1AFFC6F247D0451F33FC10EC42E73792223C3215AC98BE6
                                                          SHA-512:86FD07C34B9ABD4C52BA19EAE291936F92BC6D38A75C021EDC1DEDBC15617669876180CD99F959C62476D82EC6BB9F5FE4C6CB4D82CB037EFB76D99A4D3D9C51
                                                          Malicious:false
                                                          Reputation:low
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text
                                                          Category:dropped
                                                          Size (bytes):320
                                                          Entropy (8bit):5.23805831874356
                                                          Encrypted:false
                                                          SSDEEP:6:mk+s+q2PWXp+N23iKKdK8NIFUtpz+f/FXZZmwPz+fYVkwOWXp+N23iKKdK8+eLJ:H+va5KkpFUtpK/FXZ/PKYV5f5KkqJ
                                                          MD5:95ADDBBDBD65FCE236C4BB495EAE6C7D
                                                          SHA1:01917E118E7C0D84C572567B87D8D8C92438E752
                                                          SHA-256:8D6F53B302C0E5095481F177B1AEF60050FF31321313B3B5D64D636C1F68C548
                                                          SHA-512:1A54568A6ECE12FE68B5664B2EBC433DA02D6BE0D0E5B44DF18B6067A049D3BB9E9571D35FF794C07F63942A105F3658731DCD2271A69E7663C9558F92CFBEF7
                                                          Malicious:false
                                                          Reputation:low
                                                          Preview: 2021/07/14-22:32:37.399 16dc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/07/14-22:32:37.400 16dc Recovering log #3.2021/07/14-22:32:37.401 16dc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):11217
                                                          Entropy (8bit):6.069602775336632
                                                          Encrypted:false
                                                          SSDEEP:192:GbylJnlTwGB7V9Hne4qasKxXItmLG48gcLg/PkI:Gb+nldByaFx4toj8VEPT
                                                          MD5:90F880064A42B29CCFF51FE5425BF1A3
                                                          SHA1:6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF
                                                          SHA-256:965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
                                                          SHA-512:D9CBFCD865356F19A57954F8FD952CAF3D31B354112766C41892D1EF40BD2533682D4EC3F4DA0E59A5397364F67A484B45091BA94E6C69ED18AB681403DFD3F3
                                                          Malicious:false
                                                          Reputation:low
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json
                                                          Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                          File Type:ASCII text, with very long lines, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):23474
                                                          Entropy (8bit):6.059847580419268
                                                          Encrypted:false
                                                          SSDEEP:384:7dNc1NC6IcafusK4H1IIGRlhKlkIALQWdynQh2RX4K6M1tVztzr7XSNyzH:7dOscSRKc1nGRSkIhEw6M1tf7SNyb
                                                          MD5:6AE2135EA4583C2F06CDEBEA4AE70FA4
                                                          SHA1:DCEB26C7F02D53B5F214305F4C75B4A33A79CDC2
                                                          SHA-256:03AA1944CB3C4F39E20B6361571BC45DFBEBD3FFDA3D8F148CC6ECB29958F903
                                                          SHA-512:B5945E67D9F73DD1982D687E5C6D9B5D6B3886C8050363A259755C76AC0F93651F3425FA7C21AA6A13977AC1C8C9322F998F131648CB8909096058D4F0D23312
                                                          Malicious:false
                                                          Reputation:low
                                                          C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log