Play interactive tour

Edit tour

Windows Analysis Report DHL Documents.html

Overview

General Information

Sample Name:	DHL Documents.html
Analysis ID:	452310
MD5:	1a10cc572b13e1e3ac87aa5b828f361e
SHA1:	7d4b10eebfaab57f31c3284370c307fe87c1e226
SHA256:	9bbac023e088dd861025b79a10ec0f1ffa576c5ecba2d7ad8f5b3f3217b818cf
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

HTML body contains low number of good links

HTML title does not match URL

IP address seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Suspicious form URL found

Classification

Process Tree

System is w10x64

chrome.exe (PID: 1844 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'C:\Users\user\Desktop\DHL Documents.html' MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 4576 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1544,14982751535075210194,15195143519103781389,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1760 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
DHL Documents.html	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

Phishing:

Yara detected HtmlPhish10

Show sources

Source: Yara match	File source: DHL Documents.html, type: SAMPLE
Source: Yara match	File source: 21604.pages.csv, type: HTML

Source: file:///C:/Users/user/Desktop/DHL%20Documents.html	HTTP Parser: Number of links: 0
Source: file:///C:/Users/user/Desktop/DHL%20Documents.html	HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/Desktop/DHL%20Documents.html	HTTP Parser: Title: does not match URL
Source: file:///C:/Users/user/Desktop/DHL%20Documents.html	HTTP Parser: Title: does not match URL

Source: file:///C:/Users/user/Desktop/DHL%20Documents.html	HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/user/Desktop/DHL%20Documents.html	HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/DHL%20Documents.html	HTTP Parser: Form action: https://grupoplexon.com/planos/home/09.php
Source: file:///C:/Users/user/Desktop/DHL%20Documents.html	HTTP Parser: Form action: https://grupoplexon.com/planos/home/09.php

Source: file:///C:/Users/user/Desktop/DHL%20Documents.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/DHL%20Documents.html	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/DHL%20Documents.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/DHL%20Documents.html	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: Ruleset Data.1.dr	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Ruleset Data.1.dr	String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr, 62d30865-a5ba-4a09-ab85-6edb44f17680.tmp.2.dr, manifest.json0.1.dr	String found in binary or memory: https://accounts.google.com
Source: cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr, 62d30865-a5ba-4a09-ab85-6edb44f17680.tmp.2.dr, manifest.json0.1.dr	String found in binary or memory: https://apis.google.com
Source: cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr, 62d30865-a5ba-4a09-ab85-6edb44f17680.tmp.2.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.1.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr, 62d30865-a5ba-4a09-ab85-6edb44f17680.tmp.2.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: manifest.json0.1.dr	String found in binary or memory: https://content.googleapis.com
Source: cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr, 62d30865-a5ba-4a09-ab85-6edb44f17680.tmp.2.dr, aa5d2781-a662-4b34-bc0b-610c6ec65c5e.tmp.2.dr, 5a145952-d5cf-4ba7-9348-d1ff5f06b0cd.tmp.2.dr	String found in binary or memory: https://dns.google
Source: cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr	String found in binary or memory: https://encrypted-tbn0.gstatic.com
Source: DHL Documents.html	String found in binary or memory: https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcR71V2P5cb2iSWYyNiRfksSfd2nGwGEz5rfMg&usqp=CAU
Source: DHL Documents.html	String found in binary or memory: https://encrypted-tbn0.gstatic.com/images?q=tbn:ANd9GcRl-dCivUVrm3P6-PH_hNHYCWuxCJBdtBCNFA&usqp=CAU
Source: manifest.json0.1.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 62d30865-a5ba-4a09-ab85-6edb44f17680.tmp.2.dr	String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.1.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr, 62d30865-a5ba-4a09-ab85-6edb44f17680.tmp.2.dr	String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.1.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: DHL Documents.html, Current Session.1.dr	String found in binary or memory: https://grupoplexon.com/planos/home/09.php
Source: manifest.json0.1.dr	String found in binary or memory: https://hangouts.google.com/
Source: cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr, 62d30865-a5ba-4a09-ab85-6edb44f17680.tmp.2.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json.1.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr, 62d30865-a5ba-4a09-ab85-6edb44f17680.tmp.2.dr	String found in binary or memory: https://play.google.com
Source: cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr	String found in binary or memory: https://r2---sn-h0jeln7e.gvt1.com
Source: cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr	String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.1.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr, 62d30865-a5ba-4a09-ab85-6edb44f17680.tmp.2.dr	String found in binary or memory: https://ssl.gstatic.com
Source: messages.json83.1.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json83.1.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr, 62d30865-a5ba-4a09-ab85-6edb44f17680.tmp.2.dr, manifest.json0.1.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.1.dr	String found in binary or memory: https://www.google.com/
Source: manifest.json0.1.dr	String found in binary or memory: https://www.google.com;
Source: cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr, 62d30865-a5ba-4a09-ab85-6edb44f17680.tmp.2.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.1.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr, 62d30865-a5ba-4a09-ab85-6edb44f17680.tmp.2.dr	String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.1.dr	String found in binary or memory: https://www.gstatic.com;

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705

Source: classification engine

Classification label: mal48.phis.winHTML@41/229@3/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-60F96137-734.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\8264c5b6-358f-4968-a521-063e8d881faf.tmp

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'C:\Users\user\Desktop\DHL Documents.html'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1544,14982751535075210194,15195143519103781389,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1760 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1544,14982751535075210194,15195143519103781389,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1760 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading3	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information1	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://www.google.com;	0%	Avira URL Cloud	safe
https://grupoplexon.com/planos/home/09.php	0%	Virustotal		Browse
https://grupoplexon.com/planos/home/09.php	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
accounts.google.com	172.217.168.45	true	false	high
clients.l.google.com	142.250.203.110	true	false	high
googlehosted.l.googleusercontent.com	142.250.203.97	true	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Desktop/DHL%20Documents.html	true		low

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.google.com	cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr, 62d30865-a5ba-4a09-ab85-6edb44f17680.tmp.2.dr, manifest.json0.1.dr	false		high
https://dns.google	cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr, 62d30865-a5ba-4a09-ab85-6edb44f17680.tmp.2.dr, aa5d2781-a662-4b34-bc0b-610c6ec65c5e.tmp.2.dr, 5a145952-d5cf-4ba7-9348-d1ff5f06b0cd.tmp.2.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://ogs.google.com	cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr, 62d30865-a5ba-4a09-ab85-6edb44f17680.tmp.2.dr	false		high
https://support.google.com/chromecast/troubleshooter/2995236	messages.json83.1.dr	false		high
https://play.google.com	cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr, 62d30865-a5ba-4a09-ab85-6edb44f17680.tmp.2.dr	false		high
https://accounts.google.com	cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr, 62d30865-a5ba-4a09-ab85-6edb44f17680.tmp.2.dr, manifest.json0.1.dr	false		high
https://payments.google.com/payments/v4/js/integrator.js	manifest.json.1.dr	false		high
https://www.google.com;	manifest.json0.1.dr	false	Avira URL Cloud: safe	low
https://support.google.com/chromecast/answer/2998456	messages.json83.1.dr	false		high
https://hangouts.google.com/	manifest.json0.1.dr	false		high
https://clients2.googleusercontent.com	cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr, 62d30865-a5ba-4a09-ab85-6edb44f17680.tmp.2.dr	false		high
https://apis.google.com	cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr, 62d30865-a5ba-4a09-ab85-6edb44f17680.tmp.2.dr, manifest.json0.1.dr	false		high
https://grupoplexon.com/planos/home/09.php	DHL Documents.html, Current Session.1.dr	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://sandbox.google.com/payments/v4/js/integrator.js	manifest.json.1.dr	false		high
https://www.google.com/	manifest.json.1.dr	false		high
https://feedback.googleusercontent.com	manifest.json0.1.dr	false		high
https://clients2.google.com	cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp.2.dr, 62d30865-a5ba-4a09-ab85-6edb44f17680.tmp.2.dr	false		high
https://clients2.google.com/service/update2/crx	manifest.json0.1.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.203.110	clients.l.google.com	United States	15169	GOOGLEUS	false
172.217.168.45	accounts.google.com	United States	15169	GOOGLEUS	false
142.250.203.97	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	452310
Start date:	22.07.2021
Start time:	05:13:59
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 45s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	DHL Documents.html
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	34
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.phis.winHTML@41/229@3/6
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .html
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe, wuapihost.exe TCP Packets have been reduced to 100 Created / dropped Files have been reduced to 100 Excluded IPs from analysis (whitelisted): 20.50.102.62, 23.211.6.115, 172.217.168.14, 172.217.168.46, 172.217.168.67, 74.125.13.167, 34.104.35.123, 52.255.188.83, 13.88.21.125, 172.217.168.42, 172.217.168.74, 142.250.203.106, 216.58.215.234, 172.217.168.10, 23.211.4.86, 20.82.209.183, 173.222.108.210, 173.222.108.226, 40.112.88.60, 142.250.203.99, 80.67.82.235, 80.67.82.211, 20.82.210.154, 20.54.110.249 Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, store-images.s-microsoft.com-c.edgekey.net, clientservices.googleapis.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, redirector.gvt1.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, audownload.windowsupdate.nsatc.net, update.googleapis.com, arc.trafficmanager.net, r2.sn-h0jeln7e.gvt1.com, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, www.gstatic.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, encrypted-tbn0.gstatic.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, www.googleapis.com, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, edgedl.me.gvt1.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, r2---sn-h0jeln7e.gvt1.com, skypedataprdcolwus15.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
239.255.255.250	2DAAD8278E0DDD4D247303ACED4B1D41C75CE94BE3A9E.exe	Get hash	malicious	Browse
	Convert HEX uit phishing mail.htm	Get hash	malicious	Browse
	#U2706_#U260e_Play _to _Listen.htm	Get hash	malicious	Browse
	Unisys.com_Fax-Message.htm	Get hash	malicious	Browse
	192-3216-Us.gt.com.html	Get hash	malicious	Browse
	#U2706_#U260e_Play _to _Listen.htm	Get hash	malicious	Browse
	banload.msi	Get hash	malicious	Browse
	Enclosed Business Proposals From 4 Square Services.html	Get hash	malicious	Browse
	Invoice-Message-500.htm	Get hash	malicious	Browse
	IPVrDRKfYj.exe	Get hash	malicious	Browse
	_VM_1064855583.HtM	Get hash	malicious	Browse
	#U2706_#U260e_Play _to _Listen.htm	Get hash	malicious	Browse
	Pbogart.htm	Get hash	malicious	Browse
	ATT93916.HTM	Get hash	malicious	Browse
	Pbeesley-PAID-ACH-SJOJFB-30488393-Comtact.htm	Get hash	malicious	Browse
	Cx9ER7vYGi.exe	Get hash	malicious	Browse
	Emilemercier ProtectedCall.htm	Get hash	malicious	Browse
	INV #95000987.html	Get hash	malicious	Browse
	Joelle#310712.html.txt.html	Get hash	malicious	Browse
	ATT07509.HTM	Get hash	malicious	Browse

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

C:\Users\user\AppData\Local\Google\Chrome\User Data\035ea0ba-7253-4bc0-ab6a-b5ab6b9d8723.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	174420
Entropy (8bit):	6.07918667300774
Encrypted:	false
SSDEEP:	3072:CRpkZExZKKJEuwA4x37SiHnDcWYKWFuFcbXafIB0u1GOJmA3iuRa:0wExzgRx37iWYFOaqfIlUOoSiuRa
MD5:	CE779515C01BDBE63F4FB33530A5CAD2
SHA1:	872E4B6612CB2A22EF46604699BDC61C5CBA8B37
SHA-256:	4A7E4F62E29AEA8F73742DB3BAECDCBECF8679044DC001513E1B8ECDBB33828C
SHA-512:	B89C80B7B7EA2F123E856237062D5379ED868C7D89336A7C48C8F37573C32E6279A3648AEC79F7F0563522FA5BDBB35517A1B4525E3F6302E045275B329852EA
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.626956091432595e+12,"network":1.626923694e+12,"ticks":6934894030.0,"uncertainty":5593175.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"dis

C:\Users\user\AppData\Local\Google\Chrome\User Data\0b813cae-888d-47c0-bc09-22558c9a6d2a.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	174420
Entropy (8bit):	6.079186257359161
Encrypted:	false
SSDEEP:	3072:C45kZExZKKJEuwA4x37SiHnDcWYKWFuFcbXafIB0u1GOJmA3iuRa:tgExzgRx37iWYFOaqfIlUOoSiuRa
MD5:	4B56C3CDDC25AB0A441BCA218460385C
SHA1:	99277200D8520349E88F441F0729EF95619A39C1
SHA-256:	0ED4C022F4C14CE3E852682E278BE7E6D8B9DF6DD8A027EA6433873E8E904298
SHA-512:	58127C9F7964900F890A652AF4FFF4CC5F60406B8920479C262CC032460F8308C204E738DC23BFF273E7CADC14E14649C8F0240598212D2D110D7B637F89A021
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.626956091432595e+12,"network":1.626923694e+12,"ticks":6934894030.0,"uncertainty":5593175.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"dis

C:\Users\user\AppData\Local\Google\Chrome\User Data\166437fb-7e05-4b5c-954c-5f0c1bb6abf8.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SysEx File -
Category:	dropped
Size (bytes):	94708
Entropy (8bit):	3.74574090881733
Encrypted:	false
SSDEEP:	384:FbkLzxOcJi9BVawXeN3rUvjp3MbVsHFIG4XridbjxU1xZArq3my1ep3TvcO9t7Nl:RCa9tSpU8Meb/xdcPL+RKvpzpF
MD5:	D1DA870B77BDC5FEEBCF34716A77CA3D
SHA1:	926084B1AFBD92A38A6FF09736F3937DD92704F2
SHA-256:	BCDC701B717B8E53FC04EAD36C285C6644BF405D912720F04FD592B5F700B6D1
SHA-512:	778AC8D4103E9AE85361E422C4D381AA664A42A407B6C94040DCBF8138BC7382CB11A279F69D214525D4FFA9BB11F0667ECDF487FE4B9C4BC57C9255B4D1AFDD
Malicious:	false
Reputation:	low
Preview:	.q.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...l@8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\2c3ecb68-6ef4-4756-9f01-40ceb7990a12.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	174420
Entropy (8bit):	6.079186774505264
Encrypted:	false
SSDEEP:	3072:CVQkZExZKKJEuwA4x37SiHnDcWYKWFuFcbXafIB0u1GOJmA3iuRa:Q/ExzgRx37iWYFOaqfIlUOoSiuRa
MD5:	A1C5D0A008A097681B225C1E82065DDA
SHA1:	27267EA1F976126F381A9CF7D7CBA299275AE59B
SHA-256:	4D8AB7C3A5C7DBCDBF122ED26E918CDE8DDC7EFFB173AFB70800122B7B3B7F10
SHA-512:	69AFEAA3F502BD00A06C3E0D69C2CEB0846AF1774F86581976395E737E15D2A1605C1D157EB951975CA71CDACB27F0E14A952D1A25EFADEE0B2ED66589284FA4
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.626956091432595e+12,"network":1.626923694e+12,"ticks":6934894030.0,"uncertainty":5593175.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"dis

C:\Users\user\AppData\Local\Google\Chrome\User Data\4a10492c-26f2-41b8-b349-e6bb3c7e4a42.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	95428
Entropy (8bit):	3.7454289815694524
Encrypted:	false
SSDEEP:	384:1bkLzxOcJi9BVawXeN3rUvjp3MbVsHFIG4XridbjxU1xZArq3my2Iep3TvcO9t7+:hCa9tSps8Meb/xdcPL+RKvpzpQ
MD5:	2830C371DFCB113FEDDB55C7AA976F53
SHA1:	A825955872D6CAB7879626CE9863659C632C54F2
SHA-256:	E1AB34B0BFC890FC386F9F980CE5568D03177B9180AF5E48DA1C77964A328B9A
SHA-512:	D4987D8901FC7C23ECA97C9059A7D52BBBA64451426D9D46A0247BD0674FB7EA340F0405E38F124565B4311E5C8E3197CFBEBB217A62D157DC0EB3EBCFCCB2DA
Malicious:	false
Reputation:	low
Preview:	.t.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...l@8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\6d6952e8-2338-4eb9-b6cd-67411e2c5918.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	92724
Entropy (8bit):	3.7451809994044667
Encrypted:	false
SSDEEP:	384:zbkLzxOcF9CXeN3rUvjp3MbVsHFIG4XridbjxU1xZArq3my1ep3TvcO9t7NC1vW3:Ma9tSpU8Meb/xdcPL+RKvpzph
MD5:	BAB6DAEEA131CC50528BC94CFB849D14
SHA1:	8BA380B6603BB1FFDBE032259BFD41BD03C5D354
SHA-256:	23BD473F560B67D8C84AB69B795B79296FF0FF577D2300179552CEA5242E2A9D
SHA-512:	3A5F7E34AA9E0AB66F88EBFE3EDBF479BB6A01C25067C17892FF98651EF6B47683B14736E7DFAD465392D54638F91D7001A6E368B77AFDA8FC5CC870CBB0F9FA
Malicious:	false
Reputation:	low
Preview:	0j.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...l@8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\800140eb-8ae5-450d-b167-3e4a42ed95f0.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	166339
Entropy (8bit):	6.050367347978609
Encrypted:	false
SSDEEP:	3072:skZExZKKJEuwA4x37SiHnDcWYKWFuFcbXafIB0u1GOJmA3iuRa:zExzgRx37iWYFOaqfIlUOoSiuRa
MD5:	755DE5C98936C49736937A3F81FBF07E
SHA1:	51FE5CB41CE436D22E00BCF22172F2D84D884660
SHA-256:	9D70AADC4A3E33991E4A016EC29A483C72CB72653CBA6B545AA94940F583F955
SHA-512:	493A6509969C98A1112D330BBF040BBF1BFE32446200B70DC8875D715F28D24385A01FA6E247FF95F073647076B162DB664B1D241F966C5810655DADD43E38E1
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.626956091432595e+12,"network":1.626923694e+12,"ticks":6934894030.0,"uncertainty":5593175.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016691961"},"plugins":{"metadata":{"adobe-flash-player":{"dis

C:\Users\user\AppData\Local\Google\Chrome\User Data\859abcc8-ff82-492f-8923-9ddcd334b5f8.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	166055
Entropy (8bit):	6.04963924273988
Encrypted:	false
SSDEEP:	3072:ZkZExZKKJEuwA4x37SiHnDcWYKWFuFcbXafIB0u1GOJmA3iuRa:AExzgRx37iWYFOaqfIlUOoSiuRa
MD5:	DCE0FFD9FC4D3521EB30345A120C5988
SHA1:	7967DFE3D5D332187D36E34A16AAFE748E9B8999
SHA-256:	1B08684FBC276620A34A6AF675E31F9D427959334FB5DF5A1DC6F34D3519EF52
SHA-512:	9E0DFE3209CE3C269FE71E82AF71D50665B1413BE63EBE5F91839766C586D20C0D9938B6111D04375B4C2A1FB2F6CA8073868E570D750F6E846607E16025EDEE
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.626956091432595e+12,"network":1.626923694e+12,"ticks":6934894030.0,"uncertainty":5593175.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016691961"},"plugins":{"metadata":{"adobe-flash-player":{"dis

C:\Users\user\AppData\Local\Google\Chrome\User Data\96fe138d-cb8a-4000-bbac-b36742a13591.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	166055
Entropy (8bit):	6.04963924273988
Encrypted:	false
SSDEEP:	3072:ZkZExZKKJEuwA4x37SiHnDcWYKWFuFcbXafIB0u1GOJmA3iuRa:AExzgRx37iWYFOaqfIlUOoSiuRa
MD5:	DCE0FFD9FC4D3521EB30345A120C5988
SHA1:	7967DFE3D5D332187D36E34A16AAFE748E9B8999
SHA-256:	1B08684FBC276620A34A6AF675E31F9D427959334FB5DF5A1DC6F34D3519EF52
SHA-512:	9E0DFE3209CE3C269FE71E82AF71D50665B1413BE63EBE5F91839766C586D20C0D9938B6111D04375B4C2A1FB2F6CA8073868E570D750F6E846607E16025EDEE
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.626956091432595e+12,"network":1.626923694e+12,"ticks":6934894030.0,"uncertainty":5593175.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016691961"},"plugins":{"metadata":{"adobe-flash-player":{"dis

C:\Users\user\AppData\Local\Google\Chrome\User Data\9cf202c0-2691-41e9-8b94-d2fd4e34cd73.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	166149
Entropy (8bit):	6.0499127009296245
Encrypted:	false
SSDEEP:	3072:tkZExZKKJEuwA4x37SiHnDcWYKWFuFcbXafIB0u1GOJmA3iuRa:8ExzgRx37iWYFOaqfIlUOoSiuRa
MD5:	3725644228D3648CE503D6250281BAD4
SHA1:	F90E8CCBAF254D2251009ABCFC85E5B3460D36ED
SHA-256:	16ACBC1E373276C384EA2F9A0092B765226AD23195076DD8EA44D0B32B60811F
SHA-512:	B4A5C8DECE8A3B04B83E994BA98070946E7FA75FBDAAFA7F4677DD9428CFC2F3E9199FF8CA104C79FBA14A75724EB429AE2FB03F93BD37D0DD0EC5B252605FAE
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.626956091432595e+12,"network":1.626923694e+12,"ticks":6934894030.0,"uncertainty":5593175.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016691961"},"plugins":{"metadata":{"adobe-flash-player":{"dis

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.254162526001658
Encrypted:	false
SSDEEP:	3:FkXft0xE1G1mstft0xE1G1mstft0xE1n:+ftIE1G1mkftIE1G1mkftIE1n
MD5:	E9224A19341F2979669144B01332DF59
SHA1:	F7F760C7104457DF463306A7F7BAE0142EFCEB5B
SHA-256:	47DD519C226D23F203ACAE0EC44DF9BB6208828E24F726E1602EA52F63C3E2BE
SHA-512:	4184302DEB5009D767FECFC150F580DD57D5CF9CF3BFEB7E52C9F3340E5E6499251B9F0DFF37F0454411FED9046880E0A9204312D021294256372C916B8155AC
Malicious:	false
Preview:	sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\11ca231b-356a-4373-b07c-2be300f0ed33.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5439
Entropy (8bit):	5.170611565006808
Encrypted:	false
SSDEEP:	96:nbCzo3MTYgalkcKIjlok0JCKL8VbOTQVuwn:nbC6MjaacFE4K6
MD5:	6DCB04A1B3E6DEAD631B53D0CFC9C621
SHA1:	E8ADDD9D743456199658581EC15A15BA74C3E8E3
SHA-256:	943EF8289D3E1E95E734AB729953B1F3F001C0999749C50E53C6655F8989D5C5
SHA-512:	88B54D5EC0C4D3E17FB8C530FAB18359C7294FD6D7DDE62C58EB76C568B06EA0D5505F16D79BEAB4125C6D62B36798C0D050C77BEDBA66C9785120CAC75A7824
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13271429688017246","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1d2e29b0-4b4b-44c4-a228-813c22d1a2d9.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5465
Entropy (8bit):	5.174143632240144
Encrypted:	false
SSDEEP:	96:nbCzs3MTYgalkcKIjlok0JCKL83bOTQVuwn:nbCmMjaacFE4KM
MD5:	04D908D390841B19131D53F7A409309A
SHA1:	D1E0187BB4300603C8E23865C3D4C141CD7BFFD7
SHA-256:	AF1D352125E6578AFD3137C6B1D1D4C45BE8CBFB51AF5361AB034D2D4F6AE46A
SHA-512:	0B522C9865C4AF7714183E40A6D77BD803C5496C6A01C6BAF1EBA14720DA8CD72A8E9AC76CC560D7CE10D8F799441863D7135EAF92BB887C9688E97E67B5A0E9
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13271429688017246","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2fcb2587-1e6a-4bbc-9ba1-d24d46e16865.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22596
Entropy (8bit):	5.536665262196976
Encrypted:	false
SSDEEP:	384:sCJtsLlRcXg1kXqKf/pUZNCgVLH2HfDgrUPHGWnTCM4wmO4t:2Llkg1kXqKf/pUZNCgVLH2Hf8rU/GWnC
MD5:	52B30BA53C3DCE5314D843AF9EE5EA95
SHA1:	0833CAD521B91B06C5706A87DBCEC708EC5489B3
SHA-256:	E8C9AFF08F91D4F54DCF5CC61880377E06FC8D37EBA4F65316E4B474833BE50A
SHA-512:	F96836D4E70D7955F5C81961B5B5A7DDD6D2761A91A88DEB0D466952B03E4B7C7A224CA452E662FD7CCA91107561188B487D8C72092AD0D91B77DFA96B3ED580
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13271429687702185","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4d85aaa1-f6da-439d-a7b5-264ad5520e6c.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22595
Entropy (8bit):	5.536738898325726
Encrypted:	false
SSDEEP:	384:sCJtsLlRcXg1kXqKf/pUZNCgVLH2HfDgrUPHGrnTCM4w6O44:2Llkg1kXqKf/pUZNCgVLH2Hf8rU/GrnP
MD5:	BE994DB2A9011FC52C44EE3DB76F684F
SHA1:	3EB6C5825A82E6FA7BC470A0C6074280C2045E17
SHA-256:	2FAB12BDB318BD6A6617B5BC0A133C0531085FDA3C3EFB7C57A109952DCDE2B3
SHA-512:	3F1E515B0B69D58AAAAB08DAD52002741ADF3393D191EFD6849D0E7B6F5F602E84E1CAD4AB0442CA8F403EFD22FAF14061458CFDCEDDB21BD24912EB3C1DE2D6
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13271429687702185","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\62d30865-a5ba-4a09-ab85-6edb44f17680.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4219
Entropy (8bit):	4.871684703914691
Encrypted:	false
SSDEEP:	48:YXsJjMH+5s7YMHBKsvxMHVzspxMHbsIHt/soBDysKqnsllzMHpDCLsWJMHLsNuMg:RG+ZGJG+GTTD7IGpD+G7Gp2GnG4GVhH
MD5:	EDC4A4E22003A711AEF67FAED28DB603
SHA1:	977E551B9ED5F60D018C030B0B4AA2E33B954556
SHA-256:	DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453
SHA-512:	84D3930579FD73C7D86144D5CDC636436955BA79759273C740D2D72BC4847F2F7F165BBCA3EB2E4DFB01777D6A5F141623278C1BF74615C5A491092CE3FD1602
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248543677350473","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543677350474","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31344},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31656},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501454993","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501454994","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39369},"server":"https://www.googleapis.com","supports_spdy":true},

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6f19a95a-3c56-4198-885c-985c2ad521a6.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22447
Entropy (8bit):	5.5396850063963985
Encrypted:	false
SSDEEP:	384:sCJtFLlRcXg1kXqKf/pUZNCgVLH2HfDgrUmHGGnTCl4wEO4qT:nLlkg1kXqKf/pUZNCgVLH2Hf8rUGGGn8
MD5:	884F63CAABBA76301FDB2D9F2DE68C9D
SHA1:	05ECE4E19F0713FA90B489C5B6D56F22BA240F82
SHA-256:	6393906E6CE49833EFEA415F704CE06F4C443327014150B3FC6B68CDF4A577A6
SHA-512:	C33994E3B064D8184ADFB27706EF2BF6E8730BE32AC11BB6448A09631C4B3D233C5934C86BBB0529721BE9B9DB4534D0FA25E0DAFBFE0620B99E89F528B029D7
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13271429687702185","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\90456646-4b72-4c12-a768-6269f3ebf55f.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\94dc9f07-ea60-4c4a-bdf7-e9ada9bf240f.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4843
Entropy (8bit):	4.956301359741202
Encrypted:	false
SSDEEP:	48:Yc7UklSLklwHjwc7qAYdqTlYqlQKHoTw0RnH3CH3G/s8C1Nfct/9BhUJo3KhmeSz:nbCz23MpcKIjlok0JCKL8VbOTQVuwn
MD5:	185A5584B37566E7FFFDFDEDD702BC4C
SHA1:	55349E87ADB58E67B6512D2B7D43DDBDC0F10B9F
SHA-256:	58A87A53C9FE899463F8E23CC4E1D8A7F97F5F0557990C78B60F85EA3D08047D
SHA-512:	715CF51F735CE7411612BEB3621835D91532D001F68EB85B62854C89B4E4938E42C1A583EBECEFD65F03677BE39AEA1BC67DBE1F824F9A1DC0592815DE37599E
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13271429688017246","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.243081344578013
Encrypted:	false
SSDEEP:	6:mj8a+q2PWXp+N23iKKdK9RXXTZIFUtpIRWZmwPIMVkwOWXp+N23iKKdK9RXX5LJ:Y8a+va5Kk7XT2FUtpIRW/PIMV5f5Kk73
MD5:	70E4B9519497945784392C124CB0F748
SHA1:	922713F3B4363E5B5A6418DF747F09666D18D9B2
SHA-256:	60E54B0DF967C336C9260ABC91ADF848912076097FA100C6AEA5D55CB9645A33
SHA-512:	FA9E7EA60D13ECDFAB0855051AE0803D6D9A92C1D70E7B74DFC53D2E329799D02F1D69515FD22A143F09F42E6AE30747441F6C70FF9B583BCEC44E2746E0B102
Malicious:	false
Preview:	2021/07/22-05:14:55.949 1a3c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/07/22-05:14:55.953 1a3c Recovering log #3.2021/07/22-05:14:55.953 1a3c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	318
Entropy (8bit):	5.227194692392772
Encrypted:	false
SSDEEP:	6:mjv+q2PWXp+N23iKKdKyDZIFUtpIuLyWZmwPIWaVkwOWXp+N23iKKdKyJLJ:Yv+va5Kk02FUtpI3W/PIWaV5f5KkWJ
MD5:	B8587B64D45834FD8B52702B784B933B
SHA1:	ED97B19C245187B5D53F87E87E3811AB79CD2D46
SHA-256:	EB49EE8B174FE78830C1D990228702BEA68E60E0D67E2CD259F6B27FF73218E0
SHA-512:	08856FFBD140B9F8D77C8050A79978B4DFD7ED387C2A62697A65D052285D3BBF4E04A4B209BA743A424AAEB2CAC7EE177427667240D8F689CD5177268BA41C70
Malicious:	false
Preview:	2021/07/22-05:14:55.941 1a3c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/07/22-05:14:55.942 1a3c Recovering log #3.2021/07/22-05:14:55.943 1a3c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.6863571317626186
Encrypted:	false
SSDEEP:	12:TLyen4ufFdbXGwcFOaOndOtJRbGMNmt2SH/+eVpUHFxOUwae6:TLyqJLbXaFpEO5bNmISHn06Uwd
MD5:	1C0EAEEE6463CAE33B7A7CD9D9DF4DA5
SHA1:	FBC6A28A1501E40154FDC0A9D0C2F34A5F88AA65
SHA-256:	ED8AE7C5E6885874A39F4E86258F552670352A18D29BE1FF4D372A2F4CD06C8A
SHA-512:	355D19828609971998B09B36E7C7D304B7FB88C7A726670BEBF5CF2E2710F8E71B0F9DEF6FE9712B484C1EB122AEEEFDECF31D13E02C4539C399DFB86EC7619F
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	12836
Entropy (8bit):	0.968477918177903
Encrypted:	false
SSDEEP:	24:jcLgAZOZD/wolqLbJLbXaFpEO5bNmISHn06UwA68:j8NOZwYq5LLOpEO5J/Kn7U968
MD5:	7ACFB636F5114A12761227D73FD66084
SHA1:	8C28DCBE3F476F6A6D5F483172C8C4015E6C6938
SHA-256:	A5EFB12B39AFFDD5D245376FC623094F81BAC38A77E88A8CADD027BE6F32189A
SHA-512:	538257B8E5D92FF51999BA3F5D0DE4D9D5663CC3C3521D9931DC17CC2711CCA72E86D792857B00D7404782E063D283D0EA76BA293E1D088511F4026A63A41ED7
Malicious:	false
Preview:	............T...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	2128
Entropy (8bit):	3.3091524548860125
Encrypted:	false
SSDEEP:	24:34S+lrlAKjZ0bq0Zy5ZGp18C0ZLBabE6jrnhZyXQlLlL:34jxPF0bqiynGmfBa4IyXwRL
MD5:	1458D1F7DAEC81C5B2B0D5C0BC7CA176
SHA1:	BB744E768F23245F04322C86F57C49AF8F9BC42B
SHA-256:	41302BB3E92F293356903BB5ECDE41C91B3F41F599F1111689C4A817305A9F75
SHA-512:	44BB46A114A1CB1C502E56D1578767BBE75CD7E5858A38623958BB00BBF350113804CF25B677D46D7A1FFECF87B235D1922F579154EB63AA88FBD758067E649E
Malicious:	false
Preview:	SNSS....................................................!.............................................1..,.......$...dcd74c20_0963_480f_a9ba_0edeb64ea47f.......................]$.................................................................................5..0.......&...{524A03AB-861D-4591-9B4E-BDD69F9D425A}................\|...........3...file:///C:/Users/user/Desktop/DHL%20Documents.html.....................................................h.......`..........................................................;.......;............(...............................n...3...f.i.l.e.:./././.C.:./.U.s.e.r.s./.h.a.r.d.z./.D.e.s.k.t.o.p./.D.H.L.%.2.0.D.o.c.u.m.e.n.t.s...h.t.m.l...................................8.......0.......8....................................................................... .......................................................3...file:///C:/Users/user/Desktop/DHL%20Documents.html.......E.K&/.............................................I..D...........3...file:///C:/Us

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	1.8112781244591325
Encrypted:	false
SSDEEP:	3:3Dtn:3h
MD5:	0686D6159557E1162D04C44240103333
SHA1:	053E9DB58E20A67D1E158E407094359BF61D0639
SHA-256:	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
SHA-512:	884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
Malicious:	false
Preview:	SNSS....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	183
Entropy (8bit):	4.267376444120917
Encrypted:	false
SSDEEP:	3:FQxlXayz/t2Hmwg0EOZL7Ao4uhFkEuRLKyC5Ei5+GgGg:qT5z/t2qoEwhXeLKBt
MD5:	7FA0F874EABF1EED31988230680AD210
SHA1:	E71B360F1E8D5C278A051AD03DFB9027ACCF38C3
SHA-256:	09E15F8939364145E710C314EBD93FD19BF60C2B6B20BF8023315D617B6B141B
SHA-512:	AF4C2E595AA0B1FD96474A0E73530B38BE5F2906B10BE1DEFC0A9221129A3E5BB8D0816777550863AD426C5C836ECA1F0C384986C2A1108E2E4CA20EF10A7824
Malicious:	false
Preview:	.f.5................i.Wd...............Sgdaefkejpgkiemlaofpalmlakkmbjdnl.declarative_rules.declarativeContent.onPageChanged.[]..F..................F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	314
Entropy (8bit):	5.203571454400022
Encrypted:	false
SSDEEP:	6:mjtF34q2PWXp+N23iKKdK8aPrqIFUtpIWZZmwPI+IkwOWXp+N23iKKdK8amLJ:YH4va5KkL3FUtpIy/PI+I5f5KkQJ
MD5:	B4F11A03CCE543FEC24B3FC8CD320721
SHA1:	4E28A5831E31DCA8319CB047C1984EE8D2CF0D51
SHA-256:	153D89573D305D991669843CBB854BF6FC765E12324EA1EBA1D80E14F22BD4D6
SHA-512:	9301BD3F73FF60B21E5DCE9EA93745F8753AC2DDA61C723BC2F48B989BD223B32CCE4854DC23F88E1A8B2376991C90599D09C7643562F230D96E21122EAF4152
Malicious:	false
Preview:	2021/07/22-05:14:48.016 a0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/07/22-05:14:48.017 a0 Recovering log #3.2021/07/22-05:14:48.018 a0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	627
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWW:
MD5:	9D7435EA49A80FDD66E4915F513017F9
SHA1:	469F6C6E4B19B85CC1BE497812B2F20864F4FF2C
SHA-256:	409D4C47E940688527D730B996E8991E010988C7671565467ED69D640D0947F3
SHA-512:	0561CD632D4219AEF4686DE40EC092921384CA89755D354801E0EAEC8645A8630A180807AF518AC8FCF01F71EB3D10FAA9CE1E62C7A7226A274975BDCB7EEB4C
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.2341339187934555
Encrypted:	false
SSDEEP:	6:mjg2cVQyq2PWXp+N23iKKdK8NIFUtpIgbyG1ZmwPIgOQRkwOWXp+N23iKKdK8+ed:Y4Vva5KkpFUtpI4yG1/PIbI5f5KkqJ
MD5:	320AC351FE8502FEDA3C644E07D9AAB7
SHA1:	859495355171A8D54819F6C7ACCAADF138CAB11E
SHA-256:	C13B3E4C44316386446E4621CA37B3F3FF5D2E8F019F225A2C788ADC930DCF7D
SHA-512:	3742C94F6477F003868DC33B989D97C0BAB5E09D3DBA61F48580FACAA7E8AAFB76CACAACF15CBC75223D1185D26C0235C2E8F376C4F0DE07801639777F18FBB8
Malicious:	false
Preview:	2021/07/22-05:14:50.397 1630 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/07/22-05:14:50.398 1630 Recovering log #3.2021/07/22-05:14:50.400 1630 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	11217
Entropy (8bit):	6.069602775336632
Encrypted:	false
SSDEEP:	192:GbylJnlTwGB7V9Hne4qasKxXItmLG48gcLg/PkI:Gb+nldByaFx4toj8VEPT
MD5:	90F880064A42B29CCFF51FE5425BF1A3
SHA1:	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF
SHA-256:	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
SHA-512:	D9CBFCD865356F19A57954F8FD952CAF3D31B354112766C41892D1EF40BD2533682D4EC3F4DA0E59A5397364F67A484B45091BA94E6C69ED18AB681403DFD3F3
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["A+1PYW3V6CJbBuQ7aqrgYhyH3bT8PKyBXp3hN2slpI0=","WSOpQRkYTHjPSlG9Zif2a7TNhy43NDcG1Zg5Nv0UbH0=","jDctR8ImG5KZrQKm4kDjUB7FokSJfjo/pmvFowRVlaY=","LPxhhJiuU0lprt0T6flpS7TkaDg7MocrbmzO65xH6RI=","nZ9zLb2By96AkKXALRM+C0Eu11XUjPiMXEKjiCPdtHE=","wifibc1QfMBN2jrtUtLgsCefvuceTpAatmLvul11RJA=","dHjWlSIIdjj7MWqg3T8MG58RuuqRXk32vqi/13JqEgA=","zd3DV7dbvfNvx1hdhU01fW5ily52DLN0CFL/ADaEeTI=","DpjXcO85FFFY9KJFPkGNfFUtdQIOsGwO5jUckiUwY14=","gqid6l1+mk/6yWgUECRofI9lMipXgXh2jEN2+CxmPE0=","prDB91X2Mmfg/M/txVMITWBmEGbOGjqBTP7CMjYqdHs=","yLPAqV4gqoyS/zFkEt3Cn2j0q2v9QOSthVFfWn8EzCM=","EPQ3jzdrLkAHyvf3920B5Y3aAkO1IJdn/UtbnAmq6T0=","+oOc6ca+ChKUpTu+oa2ZRxRE+wG3QJmuYWEvYCs40NI=","3mBGNAiRlTANEQkqzU3TEi+5wJ0ubR5uwtS4/9OOM7w=","1A9NNawxuhu95H5eThvf1rewJ4QQWhhPNxJXO1C/n68=","E3vWLQxzmj+e5QxYbUscllJ5n0ITpw5JBHV1Kph3/KM=","i3I8ghdTF9c1ZXNBZmvsID+DV4gxBVN27rj9wsMtRpg=","R8B8qYabnMSlLPhrtu0hGYrHn3llsMHqBbi70gkIjEE=","rhlzuEvv2KRAFMms896xFwkNgPrw6WvmgPn6xrBSa2Y=","LAMXv6sRb0VZrY34aVXF3Fftxs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	23474
Entropy (8bit):	6.059847580419268
Encrypted:	false
SSDEEP:	384:7dNc1NC6IcafusK4H1IIGRlhKlkIALQWdynQh2RX4K6M1tVztzr7XSNyzH:7dOscSRKc1nGRSkIhEw6M1tf7SNyb
MD5:	6AE2135EA4583C2F06CDEBEA4AE70FA4
SHA1:	DCEB26C7F02D53B5F214305F4C75B4A33A79CDC2
SHA-256:	03AA1944CB3C4F39E20B6361571BC45DFBEBD3FFDA3D8F148CC6ECB29958F903
SHA-512:	B5945E67D9F73DD1982D687E5C6D9B5D6B3886C8050363A259755C76AC0F93651F3425FA7C21AA6A13977AC1C8C9322F998F131648CB8909096058D4F0D23312
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["DOZdV3jFvk12AM2JNDYKo3KZrIVRprmJ+sVGWkqqE4Q=","rVElW3Hu3T52SzDDUqGT5YiJTBGUv2h3pNuBKFlhZ1U=","X/3fg4KZxgQ1jBr5QGq0F5JnflgE27UErd88mrxTcxs=","VibLbpy0ig+5INMOU71fTYN76iaka2XVpmm1qAKYsX8=","EChCwCbQHbHQ7oDdGT2qNyiRJ0yck2YC2emNGq4whtE="],"block_size":4096,"path":"_locales/iw/messages.json"},{"block_hashes":["xklkoZ7iSU1+7cd6DAtEmUC5lPFd+EgcbnzxkOiFwlk=","3KbsvoxKY/3AwqgF2aAdVQRpMhsNVRkQ3rx2A6Z2Z+Y=","o9+tsohquaCMj+70zeinRG/hBhA2uLoDl/WoC1uokME=","xV/K8xucyWJELVT8Cqn+ugFjobBVmg8pnmACF+2PP4Y=","p/mvJm2wuCl32Rx3it654MljKAsMe3S9IDEabc1A8mE=","j8mPrTb5oOsBTj2Fer78JE6xG6+kR64Cvu2SW8d3j/k=","nqSRpGQ3USU2bZJsZ+AzBmFOyann8omwJrhEWFZDTXc=","eTcQyJUuNuF9yCga/fXGyFCj/pysSceanhBzksdx23s=","Wj7faqnspelXKMvnduxHn1XUBG8TEOqyns7/oUihekM=","VtBwXoadI3EP336rAiL33Gz19KGqtN+RYdKnMKAXoLw=","iDgLXQqXJp8nCZxgLuC9LXM45DGfufvGnXvmHsn18wc=","g+RfdDfrWTUK0Pkcsbot7NJ4SC9wVRV/dVVMuHAtEj8=","2oC4HcCuXu3VjFf6wnKlznt9uqQNaebcuWpm/mWj69U=","aMUIpuFqPMiieSaWhIktCK62v2P3OZQAWupWsYzCnvk=","L

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	3:FQxlX:qT
MD5:	0407B455F23E3655661BA46A574CFCA4
SHA1:	855CB7CC8EAC30458B4207614D046CB09EE3A591
SHA-256:	AB5C71347D95F319781DF230012713C7819AC0D69373E8C9A7302CAE3F9A04B7
SHA-512:	3020F7C87DC5201589FA43E03B1591ED8BEB64523B37EB3736557F3AB7D654980FB42284115A69D91DE44204CEFAB751B60466C0EF677608467DE43D41BFB939
Malicious:	false
Preview:	.f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	372
Entropy (8bit):	5.279664288975548
Encrypted:	false
SSDEEP:	6:mjTi+q2PWXp+N23iKKdK25+Xqx8chI+IFUtpIxWZmwPITRVkwOWXp+N23iKKdK2L:YTi+va5KkTXfchI3FUtpIxW/PI9V5f5G
MD5:	21B2C45936E2F65EEBECC74BB35AEC22
SHA1:	FB28FAA243A32C83E1C66A84A20C3421FA280EFC
SHA-256:	CFAA0E5AC02FE4825D55B25548BF1CF7C2031F05A2EDB0040E351C0202C51CB4
SHA-512:	5B0415FEB18F032926B8B43323FDCEDD05F921D522E758FDBFE33B4135EA07F5E9A4D55BEFEAD3D1406451DC8EC679CD3D133BD1FF7AD33EB3CA443CF82516C6
Malicious:	false
Preview:	2021/07/22-05:14:55.933 1a3c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2021/07/22-05:14:55.935 1a3c Recovering log #3.2021/07/22-05:14:55.936 1a3c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.250971808388815
Encrypted:	false
SSDEEP:	6:mjAuER+q2PWXp+N23iKKdK25+XuoIFUtpIOuWZmwPIOlVkwOWXp+N23iKKdK25+Z:YAua+va5KkTXYFUtpIXW/PIiV5f5KkTZ
MD5:	753032FA18C3E9AB4F38B5934421F075
SHA1:	1BB7F205F4B9CF1C19265AB02222F567667B7397
SHA-256:	E8AA817ED6C3E07D0E52042B4E1B500F0809AA4BECB0CF0E8E5D342DC9FBFC58
SHA-512:	F1E33586A44BECE6F17DB54089B7C13861A1F4C80103C0EBB21575DF54A734B844374659B8FB033A50584F86B7C3F4072F9EA4D2DC5590F7C6E962F3F7F7D339
Malicious:	false
Preview:	2021/07/22-05:14:55.926 1a3c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/MANIFEST-000001.2021/07/22-05:14:55.928 1a3c Recovering log #3.2021/07/22-05:14:55.928 1a3c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.298675076534099
Encrypted:	false
SSDEEP:	6:mjtl+q2PWXp+N23iKKdKWT5g1IdqIFUtpI+UXWZmwPIYf3VkwOWXp+N23iKKdKW4:Ytl+va5Kkg5gSRFUtpI+UXW/PIE3V5fz
MD5:	0471AF635AEAA576A3EC625494E16742
SHA1:	788EFC4499C52E4C4C7D3CE6316BD7915194EFD7
SHA-256:	A479870D8472C47179DD1B88456E1168965CB0CA876881EC41D6C6BF0C3DD848
SHA-512:	DBD5BEBCC2688F470DB766AC475779C8CAFB8F322386718E3E7C6018D64BDE3E225D430C549F59E0AF027592B4A010299C9DA5AB1A4F224C8D710066A6C3D5A6
Malicious:	false
Preview:	2021/07/22-05:14:55.893 1a3c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/07/22-05:14:55.894 1a3c Recovering log #3.2021/07/22-05:14:55.896 1a3c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.45488079341118026
Encrypted:	false
SSDEEP:	3:8EflbHWl/:8EW
MD5:	BEAA588E8E34E72DC003C7BAB97A8817
SHA1:	159F091E75264E6DF41F44C2930179CC98836CDB
SHA-256:	9534BA2D5D682AC5364FC4D570D0287C46E0889CDD9AE0528557891A281265D7
SHA-512:	0F25B856C5B60543D801EAFF41026F81703D78F4795714BB89FFB03AAB81F948F9282F2605AF05C4190549FC676BF1617A2EA9512CFD8A3CDC3D99347B720E6F
Malicious:	false
Preview:	.'..(.......................................................................................................................................................................................................................................................................K&/.........................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.10791085207785116
Encrypted:	false
SSDEEP:	6:l9bNFlqQCNa/lv4/DjbjF1K+WZeOo/lCxthidWGCxC+/eroIjF1K+W6:TL+A/6rBTNuQdWGI/BIBb
MD5:	AE9A8BA1E50DA282AD143323E6D57EF1
SHA1:	A7A5128FED91622F3D1E0E5C3F08A3EEB3887AB9
SHA-256:	A46A1CA858BE928215DBAC2871E92837C7AD7054EABD41DA6771D1F656DF703E
SHA-512:	9371E6654F85EDF3E5DBF17503D6EC1A8CE968F8C6581DFBCB0427F10A986A3BD24C1B5BDDD7943A12FF8328FA268AEBDC0BB92DE1AEDE414FBD37EA8353A030
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	534
Entropy (8bit):	5.176478422159571
Encrypted:	false
SSDEEP:	12:xa3mf/uXClgQB5y1u/TNWR/iJXbnIZBk778B/xgskZB3WZKhBJb3PfmI:x8qYClX5y1kMiJXbnIfY78BJgskf4CX/
MD5:	2637CBC9077A58CA46B4F905D7138955
SHA1:	4A19116CB208E34C01DC5BF6BD442592A482B4A7
SHA-256:	62FE8472AA7AA84B72EC602F9DBDE498632949BBD8B46039E3BA4E460EFBC124
SHA-512:	CA813E9502C5DDC8D8F8C7DB4B88C7DCDE7FFD3464035107CB3B71486F0826BFADDA86B0DAFC956FFA8D2CDB6D9CEA65144C6FAC5B9D2E590F36DF7C8D043F1D
Malicious:	false
Preview:	............"8....c..desktop..dhl..documents..file..user..html..usersX......c......desktop......dhl......documents......file......user......html......users..2.........a........c.........d...........e...........f........h..........i........k........l..........m.........n........o.........p........r.........s..........t..........u.........z...:J..........................................................................B[...W...... ......3file:///C:/Users/user/Desktop/DHL%20Documents.html2.:..............J...............#-

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	42076
Entropy (8bit):	0.1162252198199231
Encrypted:	false
SSDEEP:	12:w8mqLBj/CY3lK94nMWQA9LDZgmBQZ8fOL:OqLBF3fbNOmTf+
MD5:	C74F10DB911FC4BF294C930C253F1D82
SHA1:	B2EDDE2EBE609C6B53C84D420EFF8B3F3E927335
SHA-256:	A6840083B736349653470AE537469457DCEBA4A381278913291B1FB57B7E1733
SHA-512:	2223053C3566605B8B1BA4ABC1B1223F259FBAEE8249F663E74B76FC62BC2200C0854674B3EAC48CE66888F2667C019A21DFED45952D023E3792D309FDA04D3B
Malicious:	false
Preview:	..............D-........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	2955
Entropy (8bit):	5.471281174763772
Encrypted:	false
SSDEEP:	48:kD4G4Ea7RMn8dbaZpabQSefgGONrS0U9RdiN97:ma7RM8dbaZpabQ5fgGirS0F
MD5:	ED310974FDBAE8B6DF6D7D29EBF096A4
SHA1:	57190597320195ADC95D648D24FA30736BCA3195
SHA-256:	E0FF545E4831D99296C2087F1FD122E35B0AC8E54E91BB1CFF6EE49694390E2D
SHA-512:	CD7971336E25B0B1211F75D169D326165BD549F15FC1B4E12CBBF3152152710E4A177FCD1537417120076CAAD901A595B57C37530A373CB440BC978503E04153
Malicious:	false
Preview:	...=...*............8META:chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm.............Y_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.HangoutSinkDiscoveryService;.{"cache":{"sinks":{},"g":{},"h":null},"manualHangouts":{}}.a_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.IdGenerator.cast.RequestIdGenerator..831720000.H_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.LogManager...["[2021-07-22 05:14:57.87][INFO][mr.Init] MR instance ID: 3abbcf04-b9e2-4c91-b0d9-0bcb75dbb88e\n","[2021-07-22 05:14:57.87][INFO][mr.Init] Native Cast MRP is disabled.\n","[2021-07-22 05:14:57.87][INFO][mr.Init] Native Mirroring Service is enabled.\n","[2021-07-22 05:14:57.91][INFO][mr.PersistentDataManager] removeTemporary_: 163 chars used\n","[2021-07-22 05:14:57.91][INFO][mr.PersistentDataManager] initialize: 163 chars used, 67 other chars\n","[2021-07-22 05:14:57.92][INFO][mr.CastProvider] Query enabled: true\n","[2021-07-22 05:14:57.92][INFO][mr.CloudProvider]

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.2123711046945775
Encrypted:	false
SSDEEP:	6:mjngQ+q2PWXp+N23iKKdK8a2jMGIFUtpIn90gZmwPInSVQVkwOWXp+N23iKKdK8N:YgVva5Kk8EFUtpIeg/PIwI5f5Kk8bJ
MD5:	CB2E85CA1053AB637E3FA9866FFD829E
SHA1:	38770923D3BD757F1D0E93A4C4B9D7DFF8CF8F10
SHA-256:	F549565FA8CD5831843E1C6156FE4F5B6CC5F0CE8643E08B6865A4F0FA833530
SHA-512:	288302B3FB35CFFF44879B3004DCF598FEE2530945E949CE0B655EF6FD5B9282D6FE3EBAA6C6D843A01D885062B5A5F89943FB80591C564FA95B2BA917B8FDE5
Malicious:	false
Preview:	2021/07/22-05:14:47.727 12f8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2021/07/22-05:14:47.729 12f8 Recovering log #3.2021/07/22-05:14:47.730 12f8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.250024736999903
Encrypted:	false
SSDEEP:	6:mj0FUaF3cM+q2PWXp+N23iKKdKgXz4rRIFUtpIyFdJZmwPIwFdcMVkwOWXp+N23B:YQqM+va5KkgXiuFUtpIyFn/PIrMV5f5j
MD5:	BCB24AD4792CCC03E69BC15F862F3C47
SHA1:	4BEE0D6EE1D8A99162EEDBC8F0E577464192FF9C
SHA-256:	FE3A124A20605340CADF6D8E750006F34C4076CA7C68DFACFAFD4F23D704BA63
SHA-512:	681874803843ED213574E49B15B8620217A0FBB2A94F4C015B757685D0F71A1862D8A9F40F03DCEB549587D4F12AACD5D77BF33E50819D3863352AFC643E0F41
Malicious:	false
Preview:	2021/07/22-05:14:48.043 126c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/MANIFEST-000001.2021/07/22-05:14:48.045 126c Recovering log #3.2021/07/22-05:14:48.047 126c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	114
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5ljljljljljl:5ljljljljljl
MD5:	1B4FA89099996CE3C9E5A0A9768230E8
SHA1:	9026E1E0906E3B3FE0E414EE814CC5A042807A04
SHA-256:	537818AAFD0902A8B2D58B483674391E33E762B5E1E8CD226D873098CCE9C8F9
SHA-512:	4279C9380ACC5AB329EC6BCDA10CCF0A7437CEF63845B63E741CE517042CFE83340D2D362DD6B9E039BF55E61F484CCF72B8FD8477D1D0292E0B879CB949461B
Malicious:	false
Preview:	..&f.................&f.................&f.................&f.................&f.................&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	314
Entropy (8bit):	5.198103902170311
Encrypted:	false
SSDEEP:	6:mjpcqOq2PWXp+N23iKKdKrQMxIFUtpIpyZmwPIp+kwOWXp+N23iKKdKrQMFLJ:YpcqOva5KkCFUtpIpy/PIp+5f5KktJ
MD5:	34E8BCFBD4586D155F3F97412402F999
SHA1:	A95B525C9539CFADE8FCD8D4FF96FB4475B0B193
SHA-256:	00D33CD98F0DC1638A3DE2787FA73F2EB55B7336570C436322A2E0CB3A6A27C9
SHA-512:	62DE9609558F03D4B58D7FD9B5B4C7F6E61B3EAB4B7AE30BC43D7758D3EB8154E781533D819EC652DFE346D574BC86B637A3B73656780AC8133FC7E5214CA2B0
Malicious:	false
Preview:	2021/07/22-05:14:47.965 a0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2021/07/22-05:14:47.966 a0 Recovering log #3.2021/07/22-05:14:47.966 a0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	348
Entropy (8bit):	5.207422805446504
Encrypted:	false
SSDEEP:	6:mjWQyq2PWXp+N23iKKdK7Uh2ghZIFUtpInG1ZmwPInQRkwOWXp+N23iKKdK7Uh2w:YWVva5KkIhHh2FUtpInG1/PInI5f5Kks
MD5:	E1F11C40F2BBFE831774FD04CEE71BC5
SHA1:	02E5A9B4FDEBB976C4D43DD1D95F9370996F8BDE
SHA-256:	446CAECAD83414714DA33B89B891094F0A0F73B6BA257164C83ECB8F1B836384
SHA-512:	8F562B62D376E544365E27F7BBD6C83DCFCEE8DD7D746EFF0C7A249289CB5D30522EF33B0927B3441FB12829F076896FED6A1FB90DD007F1F412CD2AE22A10B5
Malicious:	false
Preview:	2021/07/22-05:14:47.690 1630 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001.2021/07/22-05:14:47.691 1630 Recovering log #3.2021/07/22-05:14:47.691 1630 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\5a145952-d5cf-4ba7-9348-d1ff5f06b0cd.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	420
Entropy (8bit):	4.985305467053914
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV5qQlsDHF4xj70PpqQEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3Ky:YHO8sdBsB6MAsBdLJlyH7E4f3K33y
MD5:	C401B619D9D8E0ADABC25A47EE49CFBA
SHA1:	C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA
SHA-256:	8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F
SHA-512:	BC12F16CB95CB0AD708C6BBD005EF863A8552613E612F1084086E0F8262752E1B5144D044F0D141CE8462CC33343C36B517A5CC778751680485D8F88FB51B862
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543490879170","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543490879171","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.19535324365485862
Encrypted:	false
SSDEEP:	3:8E:8
MD5:	C4DF0FB10C4332150B2C336396CE1B66
SHA1:	780A76E101DE3DE2E68D23E64AB1A44D47A73207
SHA-256:	18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6
SHA-512:	51F0B463E97063A2357285D684FF159FDF6099E57C46F13C83E9D3F09D7A7CF03C1BA684BCCF36232FC50834F95953C3C68675C7B05AB4F84DEF1C566A5F3F5E
Malicious:	false
Preview:	.'..(...................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	424
Entropy (8bit):	5.27485869007461
Encrypted:	false
SSDEEP:	6:mjp1Vq2PWXp+N23iKKdKusNpV/2jMGIFUtpIpeFoZmwPIpeFwkwOWXp+N23iKKdD:Yp1Vva5KkFFUtpIpp/PIpj5f5KkOJ
MD5:	98F424F539FE18B7A6B938CFEF78F4A1
SHA1:	17909325C9CF12B5F9B31AB7317F5DBCA2DD0D10
SHA-256:	3E06E0E6DCAED687AC05032EFAD1ED4CF455269E4B0D464B3B77F991C2D7F60E
SHA-512:	B37ECA59526943DEFB13ED2F0C209D0C45C5C4E06DAD4171CF25C61EEFB1802B1808A179C68644957BE6FF4BAAD4292C18084FB10ACE0706D2A1EC9F7E674F4C
Malicious:	false
Preview:	2021/07/22-05:14:47.988 a0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/MANIFEST-000001.2021/07/22-05:14:47.989 a0 Recovering log #3.2021/07/22-05:14:47.989 a0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.277485812601693
Encrypted:	false
SSDEEP:	6:mj0Fm+q2PWXp+N23iKKdKusNpqz4rRIFUtpIwFjGAWZmwPIUVkwOWXp+N23iKKdA:Yz+va5KkmiuFUtpIsGX/PIUV5f5Kkm2J
MD5:	C3CABAEB39C76D82524102807091D4AE
SHA1:	E2338BB6B9641AF3BA29379CD3D1779ED192B29B
SHA-256:	05ED525AF9668BB653244F072DE8DB8284CF82B1FD6A72DBD4DF2700C3BD2024
SHA-512:	4B43CCAE15B11B712D40DE08050C68E908B1AA7B5EF173EF7F745DA55A472ACBC13EA20918944F8F3D3A66F2BB3C4400C4B8F30D9BA777A2FD8A8479D30A297A
Malicious:	false
Preview:	2021/07/22-05:14:48.043 d0c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/MANIFEST-000001.2021/07/22-05:14:48.047 d0c Recovering log #3.2021/07/22-05:14:48.048 d0c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5l:5l
MD5:	E556F26DF3E95C19DBAECA8F5DF0C341
SHA1:	247A89F0557FC3666B5173833DB198B188F3AA2E
SHA-256:	B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3
SHA-512:	055BC4AB12FEEDF3245EAAF0A0109036909C44E3B69916F8A01E6C8459785317FE75CA6B28F8B339316FC2310D3E5392CD15DBDB0F84016667F304D377444E2E
Malicious:	false
Preview:	..&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	418
Entropy (8bit):	5.275777455746168
Encrypted:	false
SSDEEP:	12:Y0IRVva5KkMFUtpI0wYG1/PI0RI5f5KkTJ:dYa5KkUgj2jMf5Kkl
MD5:	971AE1FD70CAD462334755BBE176A634
SHA1:	6B59A8F7D8FACC0ABF18BE1F50EF86ED36FB81DA
SHA-256:	6DDEA44A1BC954A1B03016A78ACF30BE44BF422EFE5C7E2C0F5230BCC0E903DC
SHA-512:	C4069642A5894E8252D39568D2E27B67FF78880F07E67F09FBFC2FECF69E88B8A1CAEA089A7E8D1F53B491DD09979F5C15348413B1F09AC63DBB2F439631BD13
Malicious:	false
Preview:	2021/07/22-05:15:04.408 1630 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/MANIFEST-000001.2021/07/22-05:15:04.409 1630 Recovering log #3.2021/07/22-05:15:04.410 1630 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	592
Entropy (8bit):	0.19535324365485862
Encrypted:	false
SSDEEP:	3:8E8E:8N
MD5:	B505641E5E90B7CF4BC869DD1B4BE451
SHA1:	0EC7B13DC043E054AB48B8F45FE49EF1209C01AA
SHA-256:	2755F85F14CF33404CEEBF053D0CB79DC3B98D643A51075737E6A5BE154FE1D9
SHA-512:	610AF095630C93B0586F4D9CA84FA75454C472C557D4FDBC0D5C1851F9AABF8653079A7ADE4659ABADDEDC2E02E58AD13C7244CD004B0AA5A462307F293F83A3
Malicious:	false
Preview:	.'..(....................................................................................................................................................................................................................................................................................................'..(...................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	430
Entropy (8bit):	5.231477110447745
Encrypted:	false
SSDEEP:	12:Ya4YVva5KkkGHArBFUtpIaiSG1/PIaUNYI5f5KkkGHAryJ:vBa5KkkGgPgxi1xgtf5KkkGga
MD5:	FE15AFEEE3CF79C1DD8C030DD762D88A
SHA1:	9BED65C8751AC6B18A523BAF3BDFD955B7CAF0EE
SHA-256:	3B4BF14A913A4AC47846D8EA287F7DF0039A079C590CD9279726759CA50C5E60
SHA-512:	F1A91BB5F4CED84D7163FFEE9965D146FD51F1F9C002B93DEA306404574DF4BA5D9798252278C64A58EDA0921A9144F4FE33EB780098F3B704D54A4EA58502E7
Malicious:	false
Preview:	2021/07/22-05:14:56.399 1630 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/MANIFEST-000001.2021/07/22-05:14:56.403 1630 Recovering log #3.2021/07/22-05:14:56.405 1630 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.216315491518507
Encrypted:	false
SSDEEP:	12:YaS+va5KkkGHArqiuFUtpIa//PIaUWV5f5KkkGHArq2J:vja5KkkGgCgxntf5KkkGg7
MD5:	D46C10B351B362BDD6C5E02CE29FA517
SHA1:	9329661CD8FAD9B063E18B285F971A89928F157E
SHA-256:	6684BC74272CF209B3C2825F75880E9239D34A93525826222BC57D5C349AC75B
SHA-512:	317F6884E112148685A48D585EB8865C0573F48D75413AA8ABAFDD654DED717A5AFAE73129A8E6AA1616E08E738266C67E67556078FFE8F1335B915839D5EB44
Malicious:	false
Preview:	2021/07/22-05:14:56.400 107c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/MANIFEST-000001.2021/07/22-05:14:56.403 107c Recovering log #3.2021/07/22-05:14:56.405 107c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	38
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5ljl:5ljl
MD5:	E9C694B34731BF91073CF432768A9C44
SHA1:	861F5A99AD9EF017106CA6826EFE42413CDA1A0E
SHA-256:	01C766E2C0228436212045FA98D970A0AD1F1F73ABAA6A26E97C6639A4950D85
SHA-512:	2A359571C4326559459C881CBA4FF4FA9F312F6A7C2955B120B907430B700EA6FD42A48FBB3CC9F0CA2950D114DF036D1BB3B0618D137A36EBAAA17092FE5F01
Malicious:	false
Preview:	..&f.................&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	418
Entropy (8bit):	5.1914172825615355
Encrypted:	false
SSDEEP:	12:YyVva5KkkGHArAFUtpIUG1/PIaVI5f5KkkGHArfJ:3a5KkkGgkgI5If5KkkGgV
MD5:	444D1396296B651D3980B66611637E93
SHA1:	3C3ED3F0B667C90191F3B8D9EA850DCBE126654F
SHA-256:	9A31D590871597D89EBD3F7BD7F7E3D903584E23C1B6E7F078D28F5ACE5E0359
SHA-512:	8DCEE0A46293B5ACC40695E7B8F5192325AEFD68628E140F6BF863A2A71C9F10598107EB4CC0798054F98AD9593CDBAC17344A63CB6BBBA64409DB05E3ACBB1C
Malicious:	false
Preview:	2021/07/22-05:15:11.667 1630 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/MANIFEST-000001.2021/07/22-05:15:11.669 1630 Recovering log #3.2021/07/22-05:15:11.670 1630 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\aa5d2781-a662-4b34-bc0b-610c6ec65c5e.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	420
Entropy (8bit):	4.954960881489904
Encrypted:	false
SSDEEP:	12:YHO8sdvBVSsB6M/BVSsBdLJlyH7E4f3K33y:YXsdvjX6gjXdL3yH7n/iy
MD5:	F4FEFEEEC722772F9DC0FCE1B52D79B5
SHA1:	00EECFA3B37113D30E7D43BE4383C540F3D93D4D
SHA-256:	D33E13C12004A700F246D8C73709114A881609D658E045D54DE36874728D07F0
SHA-512:	41E61EC89366800FD5F4DD704E53B47DE29411B9088B46349A0A350758D08569C14DCC70CF8D6A6FE6D049CB6D32F2B091153E8148A1B5857BD7AF13492071BE
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543498399332","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543498399332","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	38
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:sgGg:st
MD5:	45A8ECA4E5C4A6B1395080C1B728B6C9
SHA1:	8A97BB0E599775D9A10C0FC53C4EDB29AA4CEB4E
SHA-256:	DB320AB28DFF27CDA0A7F87B82F2F8E61B3178A6DE8503753D76F1172D32E08E
SHA-512:	8EE91A3A1E77459273553F6A776C423A8EE95DB9DCFA897771814B7AD13FD84F06BB2B859F22B6DDA384B39EAA91F1819F170BABED6DA16BDBCF5BCB06CF2124
Malicious:	false
Preview:	..F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.242288556354085
Encrypted:	false
SSDEEP:	6:mjnJi+q2PWXp+N23iKKdKpIFUtpInQWZmwPInyVkwOWXp+N23iKKdKa/WLJ:YE+va5KkmFUtpIQW/PIyV5f5KkaUJ
MD5:	441CF1BDBFEBC83506653A03382B0646
SHA1:	CD306F14A61EE663429F3A4BB1AC5934F7ED40EA
SHA-256:	1F37C2B613B8681C086E89F393BB016C23E1C5CD22E267374436B07B6444910E
SHA-512:	AF266F4124AF1314A113201237DE93021BCF4C18F056F35F53CC487D2430EDE54D12A29B77724BED346D7E62251F6547F786F3A0C9EAE727B56097706D9F166E
Malicious:	false
Preview:	2021/07/22-05:14:47.705 43c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2021/07/22-05:14:47.706 43c Recovering log #3.2021/07/22-05:14:47.707 43c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	399
Entropy (8bit):	5.378557839804607
Encrypted:	false
SSDEEP:	12:YVAQyva5KkkOrsFUtpI2Hwg/PI4QR5f5KkkOrzJ:/QYa5Kk+gGEQDf5Kkn
MD5:	4839D2FECECEA13C8403795D768A07F2
SHA1:	AAC2C0D011AE0EE8A9FD0E244B4B60E0BCBC5BF0
SHA-256:	6E872C660D8E31EACAEA406F172781D6EE3C13D0E29671D2032A956241B70B7E
SHA-512:	5E291221399115DE1061FD14B74B43CD833D6F26604BC38E6DE4E5F809CFD52A82707DB38897AB8331E4562832A897465B4C2EC65050E1A8DDC29A6D806D72E2
Malicious:	false
Preview:	2021/07/22-05:14:57.906 898 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/MANIFEST-000001.2021/07/22-05:14:57.907 898 Recovering log #3.2021/07/22-05:14:57.908 898 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	12
Entropy (8bit):	3.188721875540867
Encrypted:	false
SSDEEP:	3:vcvAr:vcvO
MD5:	FC5C297174FB05BD4C9DCAF87336DAC6
SHA1:	30F4BF0FAE5DC268912FCA9773AEC5C15C1EE4CA
SHA-256:	9F8B80719A9595079C263C9541C2E1434F36FB1E5068ECF6D9040C49D7DBE5EA
SHA-512:	0A36D098E8567DD8135233BE86E84704CD1A15D9D4588E9387EFE5BA265D9B785B1846AF508E100D397884CD958F08A9E9D89C03241FB59A89E4C156F0B0253D
Malicious:	false
Preview:	.......d.O..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nmmhkkegccagdldgiimedpiccmgmieda\5788d394-0c72-4947-83a4-4829e958953a.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 13 icons, 8x8, 32 bits/pixel, 10x10, 32 bits/pixel
Category:	dropped
Size (bytes):	175509
Entropy (8bit):	5.489440694064333
Encrypted:	false
SSDEEP:	1536:rKbsLAR2A4VBQV1111111111111Nr366R6faFR+up0y0y2im1OsFcgYzQNL9X:rKbsLAR2fe/FZntrslfX
MD5:	33EABC19FDF40F3D36B6870EF5861957
SHA1:	CF3EF59C3940B58C314E9F6A1616751553F2D9A2
SHA-256:	647D07F37554672865902B2CEE80864B5A5283C372C7263BB1497D5582054E57
SHA-512:	47CFEDB1FDBC9BC09905C70F69A5114C64A8FC791BCA480D24972275276F00CEB230C579B4217337F9C69ECB2AB3221A3B549F06E8074D76BCE2F31773FB69F5
Malicious:	false
Preview:	............ .H............. ............... .p............. .h...n......... ............... ......... .... .....n...((.... .h.......00.... ..%..~H..@@.... .(B..&n..``.... .....N......... .(....D........ .w`...M..(............. ..............................+.O-8&]P>/^Q?-^&:?I.1;<....qye.f.%.......X...E.....I...k}....{.m.t.CP..........E...\...............=H..,A..,J..;P......................................................................................nnp}nnp}........~~~........!...!---2---2... ........................................(............. ................................!...7.#.:3,";3,!<.&'/............NPLYt.F.K.%.....L..C.....1...`...KOPVutz}..A.BxX.......P...Q.....1...x...tqpyxuux...0D..DP..........G...........uojuppnw....t\|..9F..-=..+:..5:..rr......llkrkkmw................................ggitllkv................................hhgssss~............YY\eYY[e............nnnzXXXa.............................RRR\..........................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_nmmhkkegccagdldgiimedpiccmgmieda\Chrome Web Store Payments.ico.md5 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	16
Entropy (8bit):	4.0
Encrypted:	false
SSDEEP:	3:SeFcn:Sec
MD5:	61B979ECA159ECAC9C7F8F1D6FD43E9D
SHA1:	0373696351FC2172E811DA8393DEC84036FA34A0
SHA-256:	AB05E0A6FF7E8FFF89F924B279D93AFC72ACCE817C4D250C60BB8059CC534303
SHA-512:	C95825DA33CBDDFA627D9FF9A5B8371BC5F4E643A09573B6E1E839A83B619F53D878C344030B9701DCBC24D4CECCC016CF4D298D10EE8C37D1B5FEC1A51682B6
Malicious:	false
Preview:	F......r...(R..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\cd4535b3-5a06-4cef-91f6-1b3410b8bba1.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	2276
Entropy (8bit):	4.903967530091464
Encrypted:	false
SSDEEP:	48:Y2TntwCXGDHz5sKTsISDssRLsobTsoyKs63zs6MHqYhbD:JTnOCXGDHzVRSJTRrDGPhH
MD5:	ECBE1CB1FA97FB8E6BC127C7675144FE
SHA1:	813696FA15DF1AA46C53265AF444CC42A373C6D7
SHA-256:	DD4C429ED0413AC12C09D18EE60BC685EDD801E0A429C6FB5433272CD9B55951
SHA-512:	933E1DC3A77B368789FF31894CBC3D06C61616D88F7AA15A85876CE9B5B0D988A900D31D6FC736AC82F7B18525F5603134396A5649E14ADE9FA0BD0267CDBF62
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://play.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13274021693417872","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://redirector.gvt1.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13274021693522323","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://encrypted-tbn0.gstatic.com"

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d9678282-2b80-4444-aded-5e4093383b90.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	24055
Entropy (8bit):	5.534392934668623
Encrypted:	false
SSDEEP:	384:sCJtsLlRcXg1kXqKf/pUZNCgVLH2HfDgrUaHGrHGInTCM4wpO42:2Llkg1kXqKf/pUZNCgVLH2Hf8rUqG7GV
MD5:	9887EC7B4B99A9D9F40761A315FBE903
SHA1:	457086AC81D29D5EDE97431ED35A974D28F68B8F
SHA-256:	88A2BF650C3E6ADB26F2A15A7B759BA3D386D60D1D1AB45948B0F500F6713821
SHA-512:	0BC378C93E3A18E40DDA36BB4B39F59120B48E652DCDF75D88A4A71232582CE47779A1A55756892CC3D3FC5A49729271E7BCF5F5E50A985EDA2A7C9F2AF7EF9B
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13271429687702185","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Rv:1qIFJ
MD5:	6752A1D65B201C13B62EA44016EB221F
SHA1:	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
SHA-256:	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
SHA-512:	9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
Malicious:	false
Preview:	MANIFEST-000004.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	136
Entropy (8bit):	4.518106383760107
Encrypted:	false
SSDEEP:	3:tUKI0UpcBRQyZmwv320Uq9FWSV8s20Uq9FWSWGv:mjpk9ZmwPIekSVvIekStv
MD5:	DE0FE322C8553847D5917AC56154A669
SHA1:	DFE5882B17BF309354ED4AED699865FA679E1AE1
SHA-256:	5666B676AE1484E4AD9A0563B63563802D0BCBBC6EB63D768EE3627E9B6649BA
SHA-512:	BB34B1A5791C5FA90470BCAF27E712B27FCA4260FF54802B3042335601220A3CCEC57C60E65933C9FDE0AB0A3DFCC8B7694C3471DC1D7B1A751735FD05B6422F
Malicious:	false
Preview:	2021/07/22-05:14:55.641 d44 Recovering log #3.2021/07/22-05:14:55.674 d44 Delete type=0 #3.2021/07/22-05:14:55.674 d44 Delete type=3 #2.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MPEG-4 LOAS
Category:	dropped
Size (bytes):	50
Entropy (8bit):	5.028758439731456
Encrypted:	false
SSDEEP:	3:Ukk/vxQRDKIVmt+8jzn:oO7t8n
MD5:	031D6D1E28FE41A9BDCBD8A21DA92DF1
SHA1:	38CEE81CB035A60A23D6E045E5D72116F2A58683
SHA-256:	B51BC53F3C43A5B800A723623C4E56A836367D6E2787C57D71184DF5D24151DA
SHA-512:	E994CD3A8EE3E3CF6304C33DF5B7D6CC8207E0C08D568925AFA9D46D42F6F1A5BDD7261F0FD1FCDF4DF1A173EF4E159EE1DE8125E54EFEE488A1220CE85AF904
Malicious:	false
Preview:	V........leveldb.BytewiseComparator...#...........

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\fac83f7a-2b75-4f8a-9163-98b470385d47.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1036
Entropy (8bit):	5.569250202057185
Encrypted:	false
SSDEEP:	24:YI6H0UhVsTG1KUerkq/HeUeXby2qUeXvG7wUbyHRUenHQ:YI6UUhVseKUewqPeUer2Uef4wUbyxUew
MD5:	919F8C26A2D15BAC582F21A46D926411
SHA1:	E4FC7D657724107BB4FFCC72CCCBF3DB7779980D
SHA-256:	BD19EC8DC516E7654680034C4FC9DD9A31F30D3E6C508693FD85FDBDD676227E
SHA-512:	09AC8BC74F382ED2B506EF34D14CA3501B31F81233A7DE7C593DF6ABFAC2C72E7A66F11FA01638CF0E2206E4B3A8AB7516A372109F19DC7CFBAC1A476B74E81D
Malicious:	false
Preview:	{"expect_ct":[],"sts":[{"expiry":1633014077.350499,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601478077.350503},{"expiry":1633014077.22511,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478077.225114},{"expiry":1633014092.4175,"host":"0J7rAWV0ouCFYJ9XrkDiKnAO1SshXJmLJE1SS3V8kDM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478092.417504},{"expiry":1633014091.91938,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478091.919383},{"expiry":1658492093.544,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1626956093.544005},{"expiry":1633014077.462534,"host":"+ccWXqaoHJ9hfuXbleKV6FQUrBlyXAJ31BdqjNQJpHs=","mode":"force-https","sts_include_subdomains":false,"sts_observ

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.247551036685769
Encrypted:	false
SSDEEP:	6:mjMWVSQyq2PWXp+N23iKKdKfrzAdIFUtpI0YG1ZmwPIsRQRkwOWXp+N23iKKdKfa:YXYVva5Kk9FUtpI0YG1/PIKI5f5Kk2J
MD5:	2D43DBC11032CF044FC163D858DFDDE8
SHA1:	01E19D36B4E0A83581209F1DC953EBBDDECF78D4
SHA-256:	E1E696500E03F9D9C4663D7C3A8F5573574C6518A5C3383D7AD7342F188B8B16
SHA-512:	F7F80CD5A6AF296789429E1E8969924E14A3673F8182732DD0991EF669DB13A0C891010D1AD3214D3807576A6F28E47A06A34CF527B4836CC3165712F3FAC0F1
Malicious:	false
Preview:	2021/07/22-05:14:55.965 1630 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2021/07/22-05:14:55.966 1630 Recovering log #3.2021/07/22-05:14:55.967 1630 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	106
Entropy (8bit):	3.138546519832722
Encrypted:	false
SSDEEP:	3:tbloIlrJ5ldQxl7aXVdJiG6R0RlAl:tbdlrnQxZaHIGi0R6l
MD5:	DE9EF0C5BCC012A3A1131988DEE272D8
SHA1:	FA9CCBDC969AC9E1474FCE773234B28D50951CD8
SHA-256:	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
SHA-512:	CEA946EBEADFE6BE65E33EDFF6C68953A84EC2E2410884E12F406CAC1E6C8A0793180433A7EF7CE097B24EA78A1FDBB4E3B3D9CDF1A827AB6FF5605DA3691724
Malicious:	false
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.8150724101159437
Encrypted:	false
SSDEEP:	3:Yx7:4
MD5:	C422F72BA41F662A919ED0B70E5C3289
SHA1:	AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632
SHA-256:	02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
SHA-512:	86010ED2B2EEBDCC5A8A076B37703669C294C6D1BFAAEA963E26A9C94B81B4C53EC765D9425E5B616159C43923F800A891F9B903659575DF02F8845521F8DC46
Malicious:	false
Preview:	85.0.4183.121

C:\Users\user\AppData\Local\Google\Chrome\User Data\ShaderCache\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.44812403665442346
Encrypted:	false
SSDEEP:	3:8Eflse:8
MD5:	5C591B9D45028254EAC37FECC7D7D817
SHA1:	0265ECD3502775F51D91C299288C4FF4246701DB
SHA-256:	5F7762BBC6BB773AFF1AB1749C0D29E35E9481559C2086ABBA37039F4C44986A
SHA-512:	726132CDFC3A695B5D056CE446A412F2CF0A31A24184CB3B336D438C8AE0D528EB6E86D1EE2D3D13C5190AA0097BE2A18E2DA3368BB223C1A87861FB71919EBA
Malicious:	false
Preview:	.'..(...................................................................................................................................................................................................................................................................5...K&/.........................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\9.28.0\Indexing in Progress Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	empty
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3::
MD5:	D41D8CD98F00B204E9800998ECF8427E
SHA1:	DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
SHA-256:	E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855
SHA-512:	CF83E1357EEFB8BDF1542850D66D8007D620E4050B5715DC83F4A921D36CE9CE47D0D13C5D85F2B0FF8318D2877EEC2F63B931BD47417A81A538327AF927DA3E
Malicious:	false
Preview:

C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\scoped_dir1844_1152535667\Ruleset Data Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	186784
Entropy (8bit):	4.915957886381836
Encrypted:	false
SSDEEP:	3072:bl35PHEWQyoghJbTloZq6L45c7wbMn5nezpiKmneSxCgWCCkHjuhjMQBJXS:R3NKghJbTl96BXTChW
MD5:	E4ED6CE0DB78ED18701755E5FF177B82
SHA1:	7D660E76CE91C05FC52FE1AD54C28EAD7E4A04B6
SHA-256:	BBA545E82F5720A1AD3BCB3743EB27BB1F015CB2E1222615CB880DA40CE42C20
SHA-512:	F49A4487C245DE86158EE6BD675BF70C74D8FE7164A5AA5D71469AFA94071FD4C06BB09E88E06B1CCDE9ADE6C124C957E45179C25891E12BD7C9FD419B7EBF72
Malicious:	false
Preview:	........................$...(........\..................................................p.......P...........,...........................geips....... /..........lgoog........6..........ozama...................onwod.......Hi..(.......g.bat.......<q..@.......uotpo........w..X.......ennab........S..p.......nozam........E..h....^....................................t...............L...............$......................................x.......\|...l...h...d...`...\...X...H...P...L...H... ...@..........4...0...,...(...$... ..................................................h..............................(.......................................................................\|.......t...p...l...h...h...`...H...X...T...$...L...H...D...@.......8..........,...(...$... ...................................p..............................4......................................................................................\|...x...t...p...l...h...d...`...\...X...T...P...L...H...

C:\Users\user\AppData\Local\Google\Chrome\User Data\cf29e66b-7946-479e-b40a-d6f12a3cc197.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	165962
Entropy (8bit):	6.049358913024994
Encrypted:	false
SSDEEP:	3072:GkZExZKKJEuwA4x37SiHnDcWYKWFuFcbXafIB0u1GOJmA3iuRa:lExzgRx37iWYFOaqfIlUOoSiuRa
MD5:	7F0D2CE9A9CA725235C01375E5A81F2B
SHA1:	A8FA987B83DA08DC1F8A61CC4D4E8C2FC3D4571D
SHA-256:	C7C5E0A0E438E4C19A6A4568A08CFB5173815F58C6222EB73BD723B48D76EDD7
SHA-512:	23FCC6D9BE0D70F5F40B66C6FD0E14A1D0256A4DC1D7C51AFDD816463CCA8D525F31C0B61D6BC4BED783C80B0A416F44C34FA07678F66590D5590946714A86D8
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.626956091432595e+12,"network":1.626923694e+12,"ticks":6934894030.0,"uncertainty":5593175.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016691961"},"plugins":{"metadata":{"adobe-flash-player":{"dis

C:\Users\user\AppData\Local\Google\Chrome\User Data\e561f366-1e45-4452-8f37-dfd736f07182.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	166149
Entropy (8bit):	6.0499127009296245
Encrypted:	false
SSDEEP:	3072:tkZExZKKJEuwA4x37SiHnDcWYKWFuFcbXafIB0u1GOJmA3iuRa:8ExzgRx37iWYFOaqfIlUOoSiuRa
MD5:	3725644228D3648CE503D6250281BAD4
SHA1:	F90E8CCBAF254D2251009ABCFC85E5B3460D36ED
SHA-256:	16ACBC1E373276C384EA2F9A0092B765226AD23195076DD8EA44D0B32B60811F
SHA-512:	B4A5C8DECE8A3B04B83E994BA98070946E7FA75FBDAAFA7F4677DD9428CFC2F3E9199FF8CA104C79FBA14A75724EB429AE2FB03F93BD37D0DD0EC5B252605FAE
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.626956091432595e+12,"network":1.626923694e+12,"ticks":6934894030.0,"uncertainty":5593175.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016691961"},"plugins":{"metadata":{"adobe-flash-player":{"dis

C:\Users\user\AppData\Local\Google\Chrome\User Data\ea2b0a9a-3357-4796-8513-b82cffbdd2b2.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	174420
Entropy (8bit):	6.079186155906536
Encrypted:	false
SSDEEP:	3072:945kZExZKKJEuwA4x37SiHnDcWYKWFuFcbXafIB0u1GOJmA3iuRa:ygExzgRx37iWYFOaqfIlUOoSiuRa
MD5:	20AF913DDF916F42DEDF32567AE4C73C
SHA1:	5006E31DF83991875744A49CDA5F0F2A304269F0
SHA-256:	6C0072F5F50186100077C37522D0916E54BEA98299185DD2E9889A120529F52C
SHA-512:	478EBC24E12B80301AC67ABD8752825588961BC9CC1FCF744910C22C01810EEB83E744CD1F3239D000FE0FBACF2034DFEF0DFAA80C49D6577FDDC704BF7DECEF
Malicious:	false
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.626956091432595e+12,"network":1.626923694e+12,"ticks":6934894030.0,"uncertainty":5593175.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016691961"},"plugins":{"metadata":{"adobe-flash-player":{"dis

C:\Users\user\AppData\Local\Temp\1844_141769713\manifest.fingerprint Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.9265057735423707
Encrypted:	false
SSDEEP:	3:Scy/szkTqhKDKVXGWjGd5n:ScCPqhYKVFK5
MD5:	72AC97F196EAA5A1E6C61113B4931B84
SHA1:	B23CC7C005A3BC6AD1517B9B1CB86E4451E92021
SHA-256:	A51A8D5EF5856EDD33EBDBD68AE67B9F0BDDB6FD3C0256637EA688429C36525D
SHA-512:	3F60837DACB8B20A8E87E432A61D0C59E9D39152167AE2C6D0FFC3CA9DE25C4CC9ECAB4A7FF1762B27F2C53FFD8AFD5B8F519CC8B242E2DD801AC29822275EC4
Malicious:	false
Preview:	1.91ee417000553ca22ed67530545c4177a08e7ffcf602c292a71bd89ecd0568a5

C:\Users\user\AppData\Local\Temp\1844_1872955888\manifest.fingerprint Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.9029938937928734
Encrypted:	false
SSDEEP:	3:ST1HTRWzccXBpy1CcYgy:SxHoIfXy
MD5:	47D76975618B8F3256F4CD7FA94C37AB
SHA1:	4496F70B0A44B33C15B1AECEAEAF7D8E8F4EE197
SHA-256:	FAD49B3586ABA84BD8239D25EF5ED27C7BF552A56AFF2B9438B3D9D551A228AE
SHA-512:	7EF8A13685078E5D08EFB5C8C265ED732053750D006D62F0E700898681AF607C02D0A4F91B88F574DFD0EAE0D5DAA75647307EDBC062DD3A5DB864BD541B93CD
Malicious:	false
Preview:	1.694636bbb2f68d5629d1e4a499aabd2d82f93c95c49c20e270b301d94cae333a

C:\Users\user\AppData\Local\Temp\1844_1903164773\manifest.fingerprint Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.928261499316817
Encrypted:	false
SSDEEP:	3:STDLGswXEVBcVdBiTDt3zLsW:SPLGLErcVdBiDtf3
MD5:	C00BCE97F21B1AD61EB9B8CD001795EE
SHA1:	8E0392FF3DB267D847711C3F4E0D7468060E1535
SHA-256:	59F06F04230E32E8BC839F45B984D31D611930427B631C963D09E7064A602363
SHA-512:	9930E44A6ECC62505DBADCEED5E05645909FF09816FB12AAC0414E6D2830AC09758366C3B7D4EDD7839C87EB16DFA4C66D8981AE6237D408B37135C3506F4CD2
Malicious:	false
Preview:	1.6f6bc93dcd62dc251850d2ff458fda96083ceb7fbe8eeb11248b8485ef2aea23

C:\Users\user\AppData\Local\Temp\1844_280828689\manifest.fingerprint Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	66
Entropy (8bit):	3.893948431036658
Encrypted:	false
SSDEEP:	3:SVbHhID/aE7RR8JIKLEXxXTQ9gG:SDI77q9wJygG
MD5:	0B46A559724C0403EF7FB286B713EC99
SHA1:	D7EBD7D59199305F13474C8E0E18DA72E6373148
SHA-256:	B71EC26B0F0FE87A91C47A91B6AFB5C2729478C83337D141FC136C9C02CC6B7D
SHA-512:	5E7F535A3A62EFFB329A94FDE728DAC38A5D26B91B6E225F33716970CD06CAAF00A6D90E967793A570776F0EB60F0C221A683F45E778C87ABE647CD1E35B1A43
Malicious:	false
Preview:	1.0727b38159b38ffa3633510444ece15c86417962e8cac59c59002f13b50239ac

C:\Users\user\AppData\Local\Temp\1844_818490358\manifest.fingerprint Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	modified
Size (bytes):	66
Entropy (8bit):	3.9301659996057974
Encrypted:	false
SSDEEP:	3:SXlpS0VHAgzlURX/PVdAwtL:Si0G5X
MD5:	FF0CBA325E01ED1EAE9021FBC02D3362
SHA1:	ADD06DA6B8FF5D8234EE155166C7498A5CFF8977
SHA-256:	CBD1231298B252479D8A63155A8FC0CFBC94AC5E8F74D93C683BC182CA3EA245
SHA-512:	7420B818C45FE804ABA451687DADCFD18A80FCF43F5D783D0BCEFC77191C716374B5F4F7989469FF0BEAC422DA75FC534E71ECD8BFC38EF51ABAD42913C3A956
Malicious:	false
Preview:	1.2731bdeddb1470bf2f7ae9c585e7315be52a8ce98b8af698ece8e500426e378a

C:\Users\user\AppData\Local\Temp\790af078-af3f-4804-96c8-c9234b9b5abf.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	768843
Entropy (8bit):	7.992932603402907
Encrypted:	true
SSDEEP:	12288:cK2ED9wjXNC1Gse83ru82/u0eKhgxuPFrDXgtbPz54Pm1D0fBmfH1sBrJ9mTiDga:cK2ED9I48seur0/uZKCuPNbgtbz6m1ob
MD5:	A11D5CAF6BF849AEB84B0C95B1C3B7CF
SHA1:	27F410CCBD75852C01C7464A1FD7EF8C29BE3916
SHA-256:	D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
SHA-512:	086C124DE3A01BE467647F3BCB4EA05105F690AB45417A0E3D38935ABA9E2381DF59AF98D0FFF7823CEFD5390B48807352E135AC70977AED7B413A8CC48FB590
Malicious:	false
Preview:	Cr24..............0.."0....H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L\|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.\|1..n.<Fb..f..Q1.....s..2..{.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-eu...b.........6W..>Nuw9..R{c...Nq.H.K..A!....`v.k+..?.5.>v.....;.._~....tp....x.q.V...7.m.O.~.{!.o/q.'..BK..4./?'.....L..fH&.._<..&.p.k^..\s...:1y..F.N.+...X.PO@Mo....X.G1:..Y.@;..j..........=ae...0.......DU....n...n.;.Ipr..Q....:... <.....a.Y....{ei........0..0....H............0.......Mbh=.[O}.+..U.KHF(n3.\"...,g.c...6)..(.E...U...#.i.a..:...N.....P...x.O...(mC;\|.5.S.{m.aEx...[..fP.i`.y..5..R....v.$......l-m.............m....ni...`..W.....R.p.b.+...+.\k.R$e~.J\.&c%.d...M..j..V.%...+1F....D....X\.1ct.<........E.B.+.i@...8..^...&YR...I.o...,.....[0Y0....H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. D.'.N@.(..GK....m...A.0.."

C:\Users\user\AppData\Local\Temp\8264c5b6-358f-4968-a521-063e8d881faf.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	248531
Entropy (8bit):	7.963657412635355
Encrypted:	false
SSDEEP:	3072:r+nmRykNgoldZ8GjJCiUXZSk+QSVh85PxEalRVHmcld9R6yYfEp4ABUGDcaKklrv:k3oF4Z4h45P99Fld9RBQYBVcaxlnfL
MD5:	541F52E24FE1EF9F8E12377A6CCAE0C0
SHA1:	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6
SHA-256:	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
SHA-512:	D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C88
Malicious:	false
Preview:	Cr24..............0.."0....H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L\|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.\|1..n.<Fb..f..Q1.....s..2..{.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-eu...b.........\..F!...b...l5....zJ.q.......L].....w[T0.6....E.....r..%Z.vFm.9..5!,.~g5...;.t...']....+A.....u....k...e..&..l.6r[yU...%..f.......N..V.....<+.....l..}.{...z...)y.n..'..).....,.b....5.08K%..O.g..D.S.F5o..<(....>....\f..X..I..2."l...w....7f\|.~.c.4.E.......0..0....H............0.......).'..b.$w\$.q&.]zF_2..;...?.U,...W..L1.2...R..#....W.....c1k.$W..$.J....+M!.Hz.n`U.I)N.\|b.l....{.K@]6.LlP/....](.A..................I...).H....IQ.y.;MG.d..ix..#f.Z$\|..\|.?...0K...t"i..s...Y..%.Ky....0...{.!+.~v.;....J.....Z....).(6..@?v.;~..2..c....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. .0...\|!..A..L.+.=...kP.!.1..

C:\Users\user\AppData\Local\Temp\9b078c36-1c4a-46fb-a35f-4f63fc604e3f.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\b1025a97-2e98-4583-a67e-c544adf49f0e.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	248531
Entropy (8bit):	7.963657412635355
Encrypted:	false
SSDEEP:	3072:r+nmRykNgoldZ8GjJCiUXZSk+QSVh85PxEalRVHmcld9R6yYfEp4ABUGDcaKklrv:k3oF4Z4h45P99Fld9RBQYBVcaxlnfL
MD5:	541F52E24FE1EF9F8E12377A6CCAE0C0
SHA1:	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6
SHA-256:	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
SHA-512:	D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C88
Malicious:	false
Preview:	Cr24..............0.."0....H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L\|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.\|1..n.<Fb..f..Q1.....s..2..{.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-eu...b.........\..F!...b...l5....zJ.q.......L].....w[T0.6....E.....r..%Z.vFm.9..5!,.~g5...;.t...']....+A.....u....k...e..&..l.6r[yU...%..f.......N..V.....<+.....l..}.{...z...)y.n..'..).....,.b....5.08K%..O.g..D.S.F5o..<(....>....\f..X..I..2."l...w....7f\|.~.c.4.E.......0..0....H............0.......).'..b.$w\$.q&.]zF_2..;...?.U,...W..L1.2...R..#....W.....c1k.$W..$.J....+M!.Hz.n`U.I)N.\|b.l....{.K@]6.LlP/....](.A..................I...).H....IQ.y.;MG.d..ix..#f.Z$\|..\|.?...0K...t"i..s...Y..%.Ky....0...{.!+.~v.;....J.....Z....).(6..@?v.;~..2..c....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. .0...\|!..A..L.+.=...kP.!.1..

C:\Users\user\AppData\Local\Temp\dd069b54-ebbd-4a49-a5c4-e3da78c6c054.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\fe75e4d8-ffd2-43e1-b2cd-2a4b5fe79ce6.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Temp\scoped_dir1844_1105324779\790af078-af3f-4804-96c8-c9234b9b5abf.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	768843
Entropy (8bit):	7.992932603402907
Encrypted:	true
SSDEEP:	12288:cK2ED9wjXNC1Gse83ru82/u0eKhgxuPFrDXgtbPz54Pm1D0fBmfH1sBrJ9mTiDga:cK2ED9I48seur0/uZKCuPNbgtbz6m1ob
MD5:	A11D5CAF6BF849AEB84B0C95B1C3B7CF
SHA1:	27F410CCBD75852C01C7464A1FD7EF8C29BE3916
SHA-256:	D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
SHA-512:	086C124DE3A01BE467647F3BCB4EA05105F690AB45417A0E3D38935ABA9E2381DF59AF98D0FFF7823CEFD5390B48807352E135AC70977AED7B413A8CC48FB590
Malicious:	false
Preview:	Cr24..............0.."0....H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L\|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.\|1..n.<Fb..f..Q1.....s..2..{.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-eu...b.........6W..>Nuw9..R{c...Nq.H.K..A!....`v.k+..?.5.>v.....;.._~....tp....x.q.V...7.m.O.~.{!.o/q.'..BK..4./?'.....L..fH&.._<..&.p.k^..\s...:1y..F.N.+...X.PO@Mo....X.G1:..Y.@;..j..........=ae...0.......DU....n...n.;.Ipr..Q....:... <.....a.Y....{ei........0..0....H............0.......Mbh=.[O}.+..U.KHF(n3.\"...,g.c...6)..(.E...U...#.i.a..:...N.....P...x.O...(mC;\|.5.S.{m.aEx...[..fP.i`.y..5..R....v.$......l-m.............m....ni...`..W.....R.p.b.+...+.\k.R$e~.J\.&c%.d...M..j..V.%...+1F....D....X\.1ct.<........E.B.+.i@...8..^...&YR...I.o...,.....[0Y0....H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. D.'.N@.(..GK....m...A.0.."

C:\Users\user\AppData\Local\Temp\scoped_dir1844_1105324779\CRX_INSTALL\_locales\am\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	17307
Entropy (8bit):	5.461848619761356
Encrypted:	false
SSDEEP:	384:arfbEVrFvMP4rMhuDopC3vUuFBYZV6uml:aHEVrFvMP4KuFvr6D6uml
MD5:	26330929DF0ED4E86F06C00C03F07CE3
SHA1:	478F3B7E7A7E007BEE182B89C2EF6FFE6045E92C
SHA-256:	621B5139ED199022BB6529AF18ED4DC312AE9F3E90ECAF3B2C9E1D12114F5B22
SHA-512:	0BE6183A1BF12575C0F99960705D4249E79CDB8528C55FF132BE99A111F09494231AD6A36CD61B090A3B34C6971D68A29373BA346888E852C52E05DC14380682
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": ".....".. },.. "1213957982723875920": {.. "message": "...... ... ..... .. ...... .... ... .... ......?".. },.. "128276876460319075": {.. "message": "..... ...".. },.. "1428448869078126731": {.. "message": ".... ......".. },.. "1522140683318860351": {.. "message": "..... ....... .... ..... .....".. },.. "1550904064710828958": {.. "message": "....".. },.. "1636686747687494376": {.. "message": "... ...".. },.. "1802762746589457177": {.. "message": "...".. },.. "1850397500312020388": {.. "message": ".$START_LINK$Google Home .......$END_LINK$ ... ...... Chromecast ..... .....? $START_SPAN$*$END_SPAN$",.. "placeholde

C:\Users\user\AppData\Local\Temp\scoped_dir1844_1105324779\CRX_INSTALL\_locales\ar\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	16809
Entropy (8bit):	5.458147730761559
Encrypted:	false
SSDEEP:	192:0IprKC78JmUjk8RkeryFOYPATxLZ8fsbE3/IFV6c8TEKdl:Jrp8JjA8RkerK0lc3wFV6uml
MD5:	44325A88063573A4C77F6EF943B0FC3E
SHA1:	78908D766F3E7A0E4545E7BD823C8ED47C7164EB
SHA-256:	67A439A08804EF4BEF261BDBADD8F0FEFD51729167D01EDCA99DD4AF57D6108B
SHA-512:	889C02BC986794C58C76022E78F57F867DD1D5217687F12D679A33A2DB9E5A18F3A37CF94D8FE4585E747C78E4662EAB93361FF7D945990774C7CFCACCFB79D1
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": ".....".. },.. "1213957982723875920": {.. "message": ".. .. ........ ....... .... .... ... .......".. },.. "128276876460319075": {.. "message": "...... .......".. },.. "1428448869078126731": {.. "message": "..... .......".. },.. "1522140683318860351": {.. "message": "..... ........ .... ........ ... .....".. },.. "1550904064710828958": {.. "message": "...".. },.. "1636686747687494376": {.. "message": "......".. },.. "1802762746589457177": {.. "message": "..... .....".. },.. "1850397500312020388": {.. "message": "... ....... .. .... Chromecast .. $START_LINK$..... Google Home$END_LINK$. $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {..

C:\Users\user\AppData\Local\Temp\scoped_dir1844_1105324779\CRX_INSTALL\_locales\bg\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	18086
Entropy (8bit):	5.408731329060678
Encrypted:	false
SSDEEP:	192:4jjpr342SIwPIasR9VhMkACVmrv8evj+3eXivOMbb2vVzCkwRV6V6c8TEKdl:4ZrYo+rxT+qOV6V6uml
MD5:	6911CE87E8C47223F33BEF9488272E40
SHA1:	980398F076BB7D451B18D7FDE2DE09041B1F55AD
SHA-256:	273DEF0F67F0FA080802B85EF6F334DE50A19408F46BDF41F0F099B1F5501EEA
SHA-512:	CDB69405BB553E46DCF02F71B1A394307D0051E7FA662DFFEBA7888F30DD933F13C7FD6E32F1D7AEAEE8746316873B6E1D92029724ABDC75E49DCC092172EA22
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": ".......".. },.. "1213957982723875920": {.. "message": "... .. ........ ......... ...... ...-..... ....... ..?".. },.. "128276876460319075": {.. "message": "......... .. ..........".. },.. "1428448869078126731": {.. "message": "........ .. .........".. },.. "1522140683318860351": {.. "message": "........... .. .. ........ ...., ........ .......".. },.. "1550904064710828958": {.. "message": "......".. },.. "1636686747687494376": {.. "message": ".......".. },.. "1802762746589457177": {.. "message": ".... .. .....".. },.. "1850397500312020388": {.. "message": "....... .. ............ .. Chromecast . $START_LINK$............ Google Home$END_LINK$? $START_SPAN$*$END_SPAN$",.. "p

C:\Users\user\AppData\Local\Temp\scoped_dir1844_1105324779\CRX_INSTALL\_locales\bn\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	19695
Entropy (8bit):	5.315564774032776
Encrypted:	false
SSDEEP:	384:PrUCrcTIOeswIW/Vre/sZn8TFfzheV6uml:lPswIWtoK8xfG6uml
MD5:	F9DDF525C07251282A3BFFCEE9A09ABB
SHA1:	A343A078E804AF400A8F3E1891E3390DA754A5CD
SHA-256:	C69C6C90F7EB8F10685CD815AF1F6F1B87CF30C4E8D95DF1D577DE1105AAD227
SHA-512:	EBD339C37162984672513019D470B92DF8B743DD69D4430361EF12D42FD1C208DBDE818A7BFE20BE8A7D63CD6E02B3F4344DEA1C4AEDB8719D789981A49DA44C
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": ".... ...".. },.. "1213957982723875920": {.. "message": "..... ....... ..... ........... ...... ....... ...... ...?".. },.. "128276876460319075": {.. "message": "...... ........".. },.. "1428448869078126731": {.. "message": "...... ......... ...".. },.. "1522140683318860351": {.. "message": "..... .... ...... ....... ... ... .... ...... .....".. },.. "1550904064710828958": {.. "message": ".........".. },.. "1636686747687494376": {.. "message": "......".. },.. "1802762746589457177": {.. "message": ".....".. },.. "1850397500312020388": {.. "message": "$START_LINK$ Google

C:\Users\user\AppData\Local\Temp\scoped_dir1844_1105324779\CRX_INSTALL\_locales\ca\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15518
Entropy (8bit):	5.242542310885
Encrypted:	false
SSDEEP:	384:drGUBKxMF2ayv8FrIccUVFmwf+7d9VKS3V6uml:dCUBKxMFBy0FE3UzmQ+zkSl6uml
MD5:	A90CF7930E7C3BEC61EE252DEFAD574A
SHA1:	F630CA01114A7BDD39607CB84B8280CCE218A5C6
SHA-256:	A533740E17559E2ADF40B4555C60F21EEC84E92C09CDBC19EED033A0B4DD2474
SHA-512:	598F991B344FA6724617D6CE57BB0D6D64EF86B4F5317BF6AD5EDF43E6B0A385094E7885F7A8FA2B107405B31C3D9F76E92315BC1D9BB52ACD4ECAD342917DE1
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Es congela".. },.. "1213957982723875920": {.. "message": "Quina de les opcions.seg.ents descriu millor la vostra xarxa?".. },.. "128276876460319075": {.. "message": "Detecci. de dispositius".. },.. "1428448869078126731": {.. "message": "Flu.desa del v.deo".. },.. "1522140683318860351": {.. "message": "S'ha produ.t un error en la connexi.. Torneu-ho a provar.".. },.. "1550904064710828958": {.. "message": "Correcta".. },.. "1636686747687494376": {.. "message": "Perfecta".. },.. "1802762746589457177": {.. "message": "Volum".. },.. "1850397500312020388": {.. "message": "Pots veure el Chromecast a l'$START_LINK$aplicaci. Google.Home$END_LINK$?$START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "

C:\Users\user\AppData\Local\Temp\scoped_dir1844_1105324779\CRX_INSTALL\_locales\cs\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15552
Entropy (8bit):	5.406413558584244
Encrypted:	false
SSDEEP:	192:eVdprJrG5efiTk93ebrxZR1fdc8VDCwT9fTV6c8TEKdl:2rMqiQerxQ88W7V6uml
MD5:	17E753EE877FDED25886D5F7925CA652
SHA1:	8E4EC969777CC0CEB7C12D0C1B9D87EBBB9C4678
SHA-256:	C562FCCFCE374D446BFAC30AC9B18FF17E7A3EF101C919FF857104917F300382
SHA-512:	33D61F6327FC81D7A45AA2CC97922DC527F5F43E54AA1A1638DA6EE407024A2F10CFD82CC5C3C581C2E7B216276987CB26C3FA95198572E139ACF29CC5B7ADCB
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Video zamrz.".. },.. "1213957982723875920": {.. "message": "Kter. popis nejl.pe vystihuje va.i s..?".. },.. "128276876460319075": {.. "message": "Zji..ov.n. za..zen.".. },.. "1428448869078126731": {.. "message": "Plynulost videa".. },.. "1522140683318860351": {.. "message": "P.ipojen. se nezda.ilo. Zkuste to pros.m znovu.".. },.. "1550904064710828958": {.. "message": "Plynul.".. },.. "1636686747687494376": {.. "message": "Perfektn.".. },.. "1802762746589457177": {.. "message": "Hlasitost".. },.. "1850397500312020388": {.. "message": "Vid.te sv.j Chromecast v.$START_LINK$aplikaci Google Home $END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3"..

C:\Users\user\AppData\Local\Temp\scoped_dir1844_1105324779\CRX_INSTALL\_locales\da\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15340
Entropy (8bit):	5.2479291792849105
Encrypted:	false
SSDEEP:	192:+Upr8XnI1MY2kPuir8j7Rd3kbTWc4QtV6c8TEKdl:FrJ1H9br8h6eZCV6uml
MD5:	F08A313C78454109B629B37521959B33
SHA1:	3D585D52EC8B4399F66D4BE88CED10F4A034FCCC
SHA-256:	23BF7E5EDF70291CA6D8F4A64788C5B86379EECB628E3DFA7DD83344612F7564
SHA-512:	9F2868AEBBF7F6167A7EA120FE65E752F9A65D1DC51072AA2413B2FDE374DA2D169D455A4788E341717F694179E6F1FA80413C080D9CD8CB397C3E84668CBFEC
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "Fryser".. },.. "1213957982723875920": {.. "message": "Hvilket af f.lgende udsagn beskriver bedst dit netv.rk?".. },.. "128276876460319075": {.. "message": "Enhedsregistrering".. },.. "1428448869078126731": {.. "message": "Videostabilitet".. },.. "1522140683318860351": {.. "message": "Forbindelsen blev afbrudt. Pr.v igen.".. },.. "1550904064710828958": {.. "message": "Problemfri".. },.. "1636686747687494376": {.. "message": "Perfekt".. },.. "1802762746589457177": {.. "message": "Lydstyrke".. },.. "1850397500312020388": {.. "message": "Kan du se din Chromecast i $START_LINK$ Google Home-appen$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.. "content": "$3".. },.. "STAR

C:\Users\user\AppData\Local\Temp\scoped_dir1844_1105324779\CRX_INSTALL\_locales\de\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	15555
Entropy (8bit):	5.258022363187752
Encrypted:	false
SSDEEP:	192:AJprM71A4qyJSwlk5KR5rtXsmvL0xhVw921YV6c8TEKdl:2re3jJS5A5rt8msA2KV6uml
MD5:	980FB419ED6ED94AD75686AFFB4E4C2E
SHA1:	871BFBCA6BCBA9197811883A93C50C0716562D57
SHA-256:	585C7814AFD2453232BC940252D4AE821D6E6CBCFD74A793F78E5DB8BA5342F1
SHA-512:	1681FA9C3BA882250A5005FB807D759EB8A634F1AA011725B1C865C0028BE7AB7BC16DC821A7F5BBFBA84C91E7D663ADE715284798E7E84E8FFF2D254488882D
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": "H.ngenbleiben".. },.. "1213957982723875920": {.. "message": "Welche dieser Aussagen beschreibt dein Netzwerk am besten?".. },.. "128276876460319075": {.. "message": "Ger.teerkennung".. },.. "1428448869078126731": {.. "message": "Videowiedergabequalit.t".. },.. "1522140683318860351": {.. "message": "Fehler beim Herstellen der Verbindung. Bitte versuche es noch einmal.".. },.. "1550904064710828958": {.. "message": "St.rungsfrei".. },.. "1636686747687494376": {.. "message": "Perfekt".. },.. "1802762746589457177": {.. "message": "Lautst.rke".. },.. "1850397500312020388": {.. "message": "Siehst du deinen Chromecast in der $START_LINK$Google Home App$END_LINK$? $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content": "$1".. },.. "END_SPAN": {.. "content": "$2".. },.. "START_LINK": {.

C:\Users\user\AppData\Local\Temp\scoped_dir1844_1105324779\CRX_INSTALL\_locales\el\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	17941
Entropy (8bit):	5.465343004010711
Encrypted:	false
SSDEEP:	384:S0rDuhLh41cZrP3TzDBknbpgo6djIV6uml:S0fuBh46ZD3TzDinbpgoUK6uml
MD5:	40EB778339005A24FF9DA775D56E02B7
SHA1:	B00561CC7020F7FE717B5F692884253C689A7C61
SHA-256:	F56BF7C171AA20038EE30B754478B69A98F3014C89362779B0A8788C7B9BEEE1
SHA-512:	8BED281A33EC1E4E88A9F9D62BB13FE0266C0FAF8856D1DC2A843D26DD3CE5E7D1400FD3325ABD783B0364EC4FB1188AD941D56AEB9073BC365BE0D12DE6C013
Malicious:	false
Preview:	{.. "1018984561488520517": {.. "message": ".......".. },.. "1213957982723875920": {.. "message": ".... ... .. ........ .......... ........ .. ...... ...;".. },.. "128276876460319075": {.. "message": ".......... ........".. },.. "1428448869078126731": {.. "message": "......... ......".. },.. "1522140683318860351": {.. "message": "........ ......... ......... .....".. },.. "1550904064710828958": {.. "message": ".....".. },.. "1636686747687494376": {.. "message": "......".. },.. "1802762746589457177": {.. "message": "...... ....".. },.. "1850397500312020388": {.. "message": "........ .. ..... .. Chromecast .... $START_LINK$........ Google Home$END_LINK$; $START_SPAN$*$END_SPAN$",.. "placeholders": {.. "END_LINK": {.. "content

Static File Info

General
File type:	HTML document, ASCII text, with very long lines, with CRLF line terminators
Entropy (8bit):	6.146028616944776
TrID:	HyperText Markup Language (11501/1) 33.82% HyperText Markup Language (11501/1) 33.82% HyperText Markup Language (11001/1) 32.35%
File name:	DHL Documents.html
File size:	20279
MD5:	1a10cc572b13e1e3ac87aa5b828f361e
SHA1:	7d4b10eebfaab57f31c3284370c307fe87c1e226
SHA256:	9bbac023e088dd861025b79a10ec0f1ffa576c5ecba2d7ad8f5b3f3217b818cf
SHA512:	6d634a2ff43ca82bc7269dda54547e72845fb21ea9c0948f1975234d753fd7371a6f41eee93226b79809d1a3c246559f47dc3e7d56b1dc46176065c97c7d6ddf
SSDEEP:	384:c+kXh8xpswIOaJqVmdIT8km8IgqHo7Z5eL+KBVFADgwNWcZZnoGl:c/qawIOwdIT8+N27L7BVFyrEcZZnoGl
File Content Preview:	<HTML><HEAD><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">....<STYLE type=text/css>..body, html {.. height: 100%;.. margin: 0;.. font-family: "Segoe UI Webfont",-apple-system,"Helvetica Neue","Lucida Grande","Roboto","Ebrima",

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 22, 2021 05:14:52.998358965 CEST	49705	443	192.168.2.3	142.250.203.110
Jul 22, 2021 05:14:52.998575926 CEST	49706	443	192.168.2.3	172.217.168.45
Jul 22, 2021 05:14:53.049036026 CEST	443	49705	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:53.049635887 CEST	49705	443	192.168.2.3	142.250.203.110
Jul 22, 2021 05:14:53.051199913 CEST	49705	443	192.168.2.3	142.250.203.110
Jul 22, 2021 05:14:53.051336050 CEST	443	49706	172.217.168.45	192.168.2.3
Jul 22, 2021 05:14:53.051426888 CEST	49706	443	192.168.2.3	172.217.168.45
Jul 22, 2021 05:14:53.051748037 CEST	49706	443	192.168.2.3	172.217.168.45
Jul 22, 2021 05:14:53.102164984 CEST	443	49705	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:53.105379105 CEST	443	49706	172.217.168.45	192.168.2.3
Jul 22, 2021 05:14:53.114553928 CEST	443	49705	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:53.114564896 CEST	443	49705	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:53.114577055 CEST	443	49705	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:53.114589930 CEST	443	49705	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:53.114706993 CEST	49705	443	192.168.2.3	142.250.203.110
Jul 22, 2021 05:14:53.114721060 CEST	49705	443	192.168.2.3	142.250.203.110
Jul 22, 2021 05:14:53.118263960 CEST	443	49706	172.217.168.45	192.168.2.3
Jul 22, 2021 05:14:53.118285894 CEST	443	49706	172.217.168.45	192.168.2.3
Jul 22, 2021 05:14:53.118346930 CEST	49706	443	192.168.2.3	172.217.168.45
Jul 22, 2021 05:14:53.811140060 CEST	49705	443	192.168.2.3	142.250.203.110
Jul 22, 2021 05:14:53.812880039 CEST	49705	443	192.168.2.3	142.250.203.110
Jul 22, 2021 05:14:53.813440084 CEST	49705	443	192.168.2.3	142.250.203.110
Jul 22, 2021 05:14:53.862046003 CEST	443	49705	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:53.863102913 CEST	443	49705	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:53.863203049 CEST	49705	443	192.168.2.3	142.250.203.110
Jul 22, 2021 05:14:53.869013071 CEST	443	49705	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:53.879904985 CEST	443	49705	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:53.881875992 CEST	443	49705	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:53.881903887 CEST	443	49705	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:53.881977081 CEST	49705	443	192.168.2.3	142.250.203.110
Jul 22, 2021 05:14:53.907166958 CEST	49705	443	192.168.2.3	142.250.203.110
Jul 22, 2021 05:14:53.907190084 CEST	49705	443	192.168.2.3	142.250.203.110
Jul 22, 2021 05:14:53.956527948 CEST	49706	443	192.168.2.3	172.217.168.45
Jul 22, 2021 05:14:53.956695080 CEST	49706	443	192.168.2.3	172.217.168.45
Jul 22, 2021 05:14:53.956849098 CEST	49706	443	192.168.2.3	172.217.168.45
Jul 22, 2021 05:14:53.956852913 CEST	443	49705	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:53.956861019 CEST	49706	443	192.168.2.3	172.217.168.45
Jul 22, 2021 05:14:54.010505915 CEST	443	49706	172.217.168.45	192.168.2.3
Jul 22, 2021 05:14:54.010529995 CEST	443	49706	172.217.168.45	192.168.2.3
Jul 22, 2021 05:14:54.011919975 CEST	49706	443	192.168.2.3	172.217.168.45
Jul 22, 2021 05:14:54.012476921 CEST	49706	443	192.168.2.3	172.217.168.45
Jul 22, 2021 05:14:54.027894974 CEST	443	49706	172.217.168.45	192.168.2.3
Jul 22, 2021 05:14:54.027915001 CEST	443	49706	172.217.168.45	192.168.2.3
Jul 22, 2021 05:14:54.027935028 CEST	443	49706	172.217.168.45	192.168.2.3
Jul 22, 2021 05:14:54.027945995 CEST	49706	443	192.168.2.3	172.217.168.45
Jul 22, 2021 05:14:54.027947903 CEST	443	49706	172.217.168.45	192.168.2.3
Jul 22, 2021 05:14:54.027982950 CEST	49706	443	192.168.2.3	172.217.168.45
Jul 22, 2021 05:14:54.028006077 CEST	49706	443	192.168.2.3	172.217.168.45
Jul 22, 2021 05:14:54.039135933 CEST	49706	443	192.168.2.3	172.217.168.45
Jul 22, 2021 05:14:54.083966017 CEST	443	49706	172.217.168.45	192.168.2.3
Jul 22, 2021 05:14:54.098129034 CEST	443	49706	172.217.168.45	192.168.2.3
Jul 22, 2021 05:14:56.347805023 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.397460938 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.397641897 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.398746014 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.449873924 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.460671902 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.460743904 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.460796118 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.460851908 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.460850954 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.460897923 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.460922956 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.487799883 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.488035917 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.488179922 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.539414883 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.539463997 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.539577961 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.539680958 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.539750099 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.540766001 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.540823936 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.540842056 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.540874958 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.540879965 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.540923119 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.540932894 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.540978909 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.545366049 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.545409918 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.545583010 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.545670986 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.547719002 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.547769070 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.547806025 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.547832012 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.551507950 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.551552057 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.551664114 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.551719904 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.554701090 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.554785967 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.554816961 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.554881096 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.559684038 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.559808016 CEST	49721	443	192.168.2.3	142.250.203.97
Jul 22, 2021 05:14:56.590509892 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.590543032 CEST	443	49721	142.250.203.97	192.168.2.3
Jul 22, 2021 05:14:56.590612888 CEST	49721	443	192.168.2.3	142.250.203.97

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 22, 2021 05:14:43.748969078 CEST	60985	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:14:43.822699070 CEST	53	60985	8.8.8.8	192.168.2.3
Jul 22, 2021 05:14:52.114653111 CEST	55984	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:14:52.177062988 CEST	53	55984	8.8.8.8	192.168.2.3
Jul 22, 2021 05:14:52.926091909 CEST	64185	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:14:52.928103924 CEST	65110	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:14:52.930497885 CEST	58361	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:14:52.937016964 CEST	63492	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:14:52.941163063 CEST	60831	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:14:52.990113974 CEST	53	58361	8.8.8.8	192.168.2.3
Jul 22, 2021 05:14:52.992531061 CEST	53	65110	8.8.8.8	192.168.2.3
Jul 22, 2021 05:14:52.993536949 CEST	53	64185	8.8.8.8	192.168.2.3
Jul 22, 2021 05:14:52.994170904 CEST	53	63492	8.8.8.8	192.168.2.3
Jul 22, 2021 05:14:52.997929096 CEST	53	60831	8.8.8.8	192.168.2.3
Jul 22, 2021 05:14:53.971590996 CEST	60100	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:14:54.039304018 CEST	53	60100	8.8.8.8	192.168.2.3
Jul 22, 2021 05:14:54.197587013 CEST	53195	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:14:54.254741907 CEST	53	53195	8.8.8.8	192.168.2.3
Jul 22, 2021 05:14:55.488090038 CEST	51352	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:14:55.540098906 CEST	53	51352	8.8.8.8	192.168.2.3
Jul 22, 2021 05:14:56.064446926 CEST	51353	443	192.168.2.3	142.250.203.110
Jul 22, 2021 05:14:56.130089998 CEST	443	51353	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:56.130136967 CEST	443	51353	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:56.130175114 CEST	443	51353	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:56.130580902 CEST	51353	443	192.168.2.3	142.250.203.110
Jul 22, 2021 05:14:56.131922007 CEST	51353	443	192.168.2.3	142.250.203.110
Jul 22, 2021 05:14:56.132329941 CEST	51353	443	192.168.2.3	142.250.203.110
Jul 22, 2021 05:14:56.209763050 CEST	443	51353	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:56.220127106 CEST	443	51353	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:56.221541882 CEST	51353	443	192.168.2.3	142.250.203.110
Jul 22, 2021 05:14:56.221591949 CEST	51353	443	192.168.2.3	142.250.203.110
Jul 22, 2021 05:14:56.264158010 CEST	59349	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:14:56.273854017 CEST	443	51353	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:56.286734104 CEST	443	51353	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:56.286782980 CEST	443	51353	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:56.287422895 CEST	51353	443	192.168.2.3	142.250.203.110
Jul 22, 2021 05:14:56.303138018 CEST	443	51353	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:56.303493023 CEST	443	51353	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:56.303519964 CEST	443	51353	142.250.203.110	192.168.2.3
Jul 22, 2021 05:14:56.303720951 CEST	51353	443	192.168.2.3	142.250.203.110
Jul 22, 2021 05:14:56.332115889 CEST	51353	443	192.168.2.3	142.250.203.110
Jul 22, 2021 05:14:56.332340002 CEST	53	59349	8.8.8.8	192.168.2.3
Jul 22, 2021 05:14:57.063994884 CEST	57084	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:14:57.116084099 CEST	53	57084	8.8.8.8	192.168.2.3
Jul 22, 2021 05:14:58.089895964 CEST	58823	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:14:58.157557964 CEST	53	58823	8.8.8.8	192.168.2.3
Jul 22, 2021 05:14:59.469239950 CEST	57568	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:14:59.530424118 CEST	53	57568	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:05.063880920 CEST	57762	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:05.120990992 CEST	53	57762	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:06.763876915 CEST	55435	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:06.823720932 CEST	53	55435	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:08.010340929 CEST	50713	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:08.061553001 CEST	53	50713	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:08.920696020 CEST	56132	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:08.980849981 CEST	53	56132	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:10.134557962 CEST	58987	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:10.191543102 CEST	53	58987	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:11.028321028 CEST	56579	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:11.086782932 CEST	53	56579	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:11.897049904 CEST	60633	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:11.949496031 CEST	53	60633	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:13.110177994 CEST	61292	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:13.159632921 CEST	53	61292	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:14.376710892 CEST	63619	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:14.426719904 CEST	53	63619	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:15.660646915 CEST	64938	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:15.712763071 CEST	53	64938	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:16.546612024 CEST	61946	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:16.575531960 CEST	64910	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:16.605422020 CEST	53	61946	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:16.625148058 CEST	53	64910	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:21.927170992 CEST	52123	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:21.976799011 CEST	53	52123	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:22.395025015 CEST	56130	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:22.460664034 CEST	53	56130	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:22.750466108 CEST	56338	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:22.808655024 CEST	53	56338	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:26.140810013 CEST	59420	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:26.192888975 CEST	53	59420	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:27.022735119 CEST	58784	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:27.071897030 CEST	53	58784	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:27.790956974 CEST	63978	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:27.840533972 CEST	53	63978	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:29.650046110 CEST	62938	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:29.703772068 CEST	53	62938	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:36.691612005 CEST	55708	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:36.751830101 CEST	53	55708	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:36.847800970 CEST	56803	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:36.906287909 CEST	53	56803	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:37.217994928 CEST	57145	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:37.291766882 CEST	53	57145	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:48.523092031 CEST	55359	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:48.583036900 CEST	53	55359	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:49.044831991 CEST	64124	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:49.104830980 CEST	53	64124	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:49.239795923 CEST	49361	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:49.298029900 CEST	53	49361	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:49.684182882 CEST	63150	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:49.741293907 CEST	53	63150	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:56.673988104 CEST	53279	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:56.735503912 CEST	53	53279	8.8.8.8	192.168.2.3
Jul 22, 2021 05:15:57.008724928 CEST	56881	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:15:57.067748070 CEST	53	56881	8.8.8.8	192.168.2.3
Jul 22, 2021 05:16:00.465033054 CEST	53642	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:16:00.523840904 CEST	53	53642	8.8.8.8	192.168.2.3
Jul 22, 2021 05:16:31.919781923 CEST	55667	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:16:31.993246078 CEST	53	55667	8.8.8.8	192.168.2.3
Jul 22, 2021 05:16:33.414037943 CEST	54833	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:16:33.476773024 CEST	53	54833	8.8.8.8	192.168.2.3
Jul 22, 2021 05:16:38.122258902 CEST	62476	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:16:38.182035923 CEST	53	62476	8.8.8.8	192.168.2.3
Jul 22, 2021 05:17:11.538990021 CEST	49705	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:17:11.603050947 CEST	53	49705	8.8.8.8	192.168.2.3
Jul 22, 2021 05:17:11.742883921 CEST	61477	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:17:11.800131083 CEST	53	61477	8.8.8.8	192.168.2.3
Jul 22, 2021 05:17:15.534569979 CEST	61633	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:17:15.600692034 CEST	53	61633	8.8.8.8	192.168.2.3
Jul 22, 2021 05:17:15.629626036 CEST	55949	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:17:15.689739943 CEST	53	55949	8.8.8.8	192.168.2.3
Jul 22, 2021 05:17:23.866723061 CEST	57601	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:17:23.917059898 CEST	53	57601	8.8.8.8	192.168.2.3
Jul 22, 2021 05:17:23.999612093 CEST	49342	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:17:24.059942961 CEST	53	49342	8.8.8.8	192.168.2.3
Jul 22, 2021 05:17:33.323376894 CEST	56253	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:17:33.437613010 CEST	53	56253	8.8.8.8	192.168.2.3
Jul 22, 2021 05:17:34.129755974 CEST	49667	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:17:34.187004089 CEST	53	49667	8.8.8.8	192.168.2.3
Jul 22, 2021 05:17:34.815537930 CEST	55439	53	192.168.2.3	8.8.8.8
Jul 22, 2021 05:17:34.872504950 CEST	53	55439	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jul 22, 2021 05:14:52.926091909 CEST	192.168.2.3	8.8.8.8	0xae67	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)
Jul 22, 2021 05:14:52.937016964 CEST	192.168.2.3	8.8.8.8	0x4c13	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)
Jul 22, 2021 05:14:56.264158010 CEST	192.168.2.3	8.8.8.8	0x70f5	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jul 22, 2021 05:14:52.993536949 CEST	8.8.8.8	192.168.2.3	0xae67	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 05:14:52.993536949 CEST	8.8.8.8	192.168.2.3	0xae67	No error (0)	clients.l.google.com		142.250.203.110	A (IP address)	IN (0x0001)
Jul 22, 2021 05:14:52.994170904 CEST	8.8.8.8	192.168.2.3	0x4c13	No error (0)	accounts.google.com		172.217.168.45	A (IP address)	IN (0x0001)
Jul 22, 2021 05:14:56.332340002 CEST	8.8.8.8	192.168.2.3	0x70f5	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 05:14:56.332340002 CEST	8.8.8.8	192.168.2.3	0x70f5	No error (0)	googlehosted.l.googleusercontent.com		142.250.203.97	A (IP address)	IN (0x0001)

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exe PID: 1844 Parent PID: 3064

General

Start time:	05:14:46
Start date:	22/07/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'C:\Users\user\Desktop\DHL Documents.html'
Imagebase:	0x7ff77b960000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: chrome.exe PID: 4576 Parent PID: 1844

General

Start time:	05:14:48
Start date:	22/07/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1544,14982751535075210194,15195143519103781389,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1760 /prefetch:8
Imagebase:	0x7ff77b960000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report DHL Documents.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Initial Sample

Sigma Overview

Jbx Signature Overview

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: chrome.exe PID: 1844 Parent PID: 3064

General

Analysis Process: chrome.exe PID: 4576 Parent PID: 1844

General

Disassembly