Play interactive tour

Edit tour

Windows Analysis Report https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ=

Overview

General Information

Sample URL:	https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ=
Analysis ID:	452444
Infos:
Most interesting Screenshot:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2540 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ=' MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 4720 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1568,12725805788268941494,2024101114354921593,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1684 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Antivirus / Scanner detection for submitted sample

Show sources

Source: https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ=

SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: 77EC63BDA74BD0D0E0426DC8F8008506.1.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr, 15912760-29e5-43c6-9c47-cdfeca09850d.tmp.1.dr, manifest.json0.0.dr	String found in binary or memory: https://accounts.google.com
Source: abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr, 15912760-29e5-43c6-9c47-cdfeca09850d.tmp.1.dr, manifest.json0.0.dr	String found in binary or memory: https://apis.google.com
Source: abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr, 15912760-29e5-43c6-9c47-cdfeca09850d.tmp.1.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr, 15912760-29e5-43c6-9c47-cdfeca09850d.tmp.1.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: manifest.json0.0.dr	String found in binary or memory: https://content.googleapis.com
Source: Reporting and NEL.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external
Source: Reporting and NEL.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/downloads-lorry
Source: abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr, 15912760-29e5-43c6-9c47-cdfeca09850d.tmp.1.dr, 99522dd6-2ad0-4561-95d0-b5aac42c6965.tmp.1.dr, 9653fab4-25a0-433a-ba70-76ec33ed42b1.tmp.1.dr	String found in binary or memory: https://dns.google
Source: Current Session.0.dr	String found in binary or memory: https://fax2email.moveyourbody.com.au/?arnold.gruber
Source: manifest.json0.0.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 15912760-29e5-43c6-9c47-cdfeca09850d.tmp.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr, 15912760-29e5-43c6-9c47-cdfeca09850d.tmp.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: manifest.json0.0.dr	String found in binary or memory: https://hangouts.google.com/
Source: abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr, 15912760-29e5-43c6-9c47-cdfeca09850d.tmp.1.dr	String found in binary or memory: https://ogs.google.com
Source: Current Session.0.dr	String found in binary or memory: https://olrdyskiyqltcvm.collndamfax.com
Source: Current Session.0.dr, History.0.dr	String found in binary or memory: https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ=
Source: History.0.dr	String found in binary or memory: https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ=/&P
Source: History Provider Cache.0.dr	String found in binary or memory: https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ=2
Source: History Provider Cache.0.dr	String found in binary or memory: https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ=2:
Source: manifest.json.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr, 15912760-29e5-43c6-9c47-cdfeca09850d.tmp.1.dr	String found in binary or memory: https://play.google.com
Source: abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr	String found in binary or memory: https://r2---sn-h0jeener.gvt1.com
Source: abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr	String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr, 15912760-29e5-43c6-9c47-cdfeca09850d.tmp.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: messages.json41.0.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr, 15912760-29e5-43c6-9c47-cdfeca09850d.tmp.1.dr, manifest.json0.0.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.google.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://www.google.com;
Source: abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr, 15912760-29e5-43c6-9c47-cdfeca09850d.tmp.1.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr, 15912760-29e5-43c6-9c47-cdfeca09850d.tmp.1.dr	String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.0.dr	String found in binary or memory: https://www.gstatic.com;

Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712

Source: classification engine

Classification label: mal48.win@32/170@5/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-60F9B670-9EC.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\7afbe181-447e-4839-8f4e-80de2aed508a.tmp

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ='
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1568,12725805788268941494,2024101114354921593,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1684 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1568,12725805788268941494,2024101114354921593,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1684 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading3	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ=	0%	Virustotal		Browse
https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ=	0%	Avira URL Cloud	safe
https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ=	100%	SlashNext	Fake Login Page type: Phishing & Social Engineering

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://dns.google	0%	URL Reputation	safe
https://www.google.com;	0%	Avira URL Cloud	safe
https://olrdyskiyqltcvm.collndamfax.com	0%	Avira URL Cloud	safe
https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ=2	0%	Avira URL Cloud	safe
https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ=2:	0%	Avira URL Cloud	safe
https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ=/&P	0%	Avira URL Cloud	safe
https://fax2email.moveyourbody.com.au/?arnold.gruber	0%	Avira URL Cloud	safe
https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external	0%	URL Reputation	safe
https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external	0%	URL Reputation	safe
https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external	0%	URL Reputation	safe
https://csp.withgoogle.com/csp/report-to/downloads-lorry	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
fax2email.moveyourbody.com.au	182.160.154.94	true	false	unknown
accounts.google.com	172.217.168.45	true	false	high
clients.l.google.com	142.250.203.110	true	false	high
olrdyskiyqltcvm.collndamfax.com	27.121.68.114	true	false	unknown
googlehosted.l.googleusercontent.com	142.250.203.97	true	false	high
clients2.googleusercontent.com	unknown	unknown	false	high
clients2.google.com	unknown	unknown	false	high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://dns.google	abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr, 15912760-29e5-43c6-9c47-cdfeca09850d.tmp.1.dr, 99522dd6-2ad0-4561-95d0-b5aac42c6965.tmp.1.dr, 9653fab4-25a0-433a-ba70-76ec33ed42b1.tmp.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://ogs.google.com	abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr, 15912760-29e5-43c6-9c47-cdfeca09850d.tmp.1.dr	false		high
https://support.google.com/chromecast/troubleshooter/2995236	messages.json41.0.dr	false		high
https://play.google.com	abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr, 15912760-29e5-43c6-9c47-cdfeca09850d.tmp.1.dr	false		high
https://payments.google.com/payments/v4/js/integrator.js	manifest.json.0.dr	false		high
https://www.google.com;	manifest.json0.0.dr	false	Avira URL Cloud: safe	low
https://hangouts.google.com/	manifest.json0.0.dr	false		high
https://olrdyskiyqltcvm.collndamfax.com	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ=2	History Provider Cache.0.dr	true	Avira URL Cloud: safe	unknown
https://sandbox.google.com/payments/v4/js/integrator.js	manifest.json.0.dr	false		high
https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ=	Current Session.0.dr, History.0.dr	true		unknown
https://www.google.com	abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr, 15912760-29e5-43c6-9c47-cdfeca09850d.tmp.1.dr, manifest.json0.0.dr	false		high
https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ=2:	History Provider Cache.0.dr	true	Avira URL Cloud: safe	unknown
https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ=/&P	History.0.dr	true	Avira URL Cloud: safe	unknown
https://fax2email.moveyourbody.com.au/?arnold.gruber	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://accounts.google.com	abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr, 15912760-29e5-43c6-9c47-cdfeca09850d.tmp.1.dr, manifest.json0.0.dr	false		high
https://support.google.com/chromecast/answer/2998456	messages.json41.0.dr	false		high
https://clients2.googleusercontent.com	abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr, 15912760-29e5-43c6-9c47-cdfeca09850d.tmp.1.dr	false		high
https://apis.google.com	abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr, 15912760-29e5-43c6-9c47-cdfeca09850d.tmp.1.dr, manifest.json0.0.dr	false		high
https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external	Reporting and NEL.1.dr	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://www.google.com/	manifest.json.0.dr	false		high
https://csp.withgoogle.com/csp/report-to/downloads-lorry	Reporting and NEL.1.dr	false	Avira URL Cloud: safe	unknown
https://feedback.googleusercontent.com	manifest.json0.0.dr	false		high
https://clients2.google.com	abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp.1.dr, 15912760-29e5-43c6-9c47-cdfeca09850d.tmp.1.dr	false		high
https://clients2.google.com/service/update2/crx	manifest.json0.0.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
27.121.68.114	olrdyskiyqltcvm.collndamfax.com	Australia	24446	NETREGISTRY-AS-APNetRegistryPtyLtdAU	false
182.160.154.94	fax2email.moveyourbody.com.au	Australia	55803	DIGITALPACIFIC-AUDigitalPacificPtyLtdAustraliaAU	false
142.250.203.110	clients.l.google.com	United States	15169	GOOGLEUS	false
172.217.168.45	accounts.google.com	United States	15169	GOOGLEUS	false
142.250.203.97	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.1
127.0.0.1

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	452444
Start date:	22.07.2021
Start time:	11:17:36
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 45s
Hypervisor based Inspection enabled:	false
Report type:	light
Cookbook file name:	browseurl.jbs
Sample URL:	https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ=
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	19
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal48.win@32/170@5/8
Cookbook Comments:	Adjust boot time Enable AMSI
Warnings:	Show All Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, svchost.exe TCP Packets have been reduced to 100 Created / dropped Files have been reduced to 100 Excluded IPs from analysis (whitelisted): 23.211.6.115, 13.88.21.125, 172.217.168.14, 172.217.133.103, 34.104.35.123, 172.217.168.67, 67.27.158.254, 8.253.207.120, 8.253.145.105, 8.248.141.254, 8.248.113.254, 172.217.168.42, 172.217.168.74, 142.250.203.106, 216.58.215.234, 172.217.168.10, 13.107.43.23, 13.107.5.88, 93.184.220.29, 51.103.5.159, 20.50.102.62, 23.211.4.86, 13.64.90.137, 40.112.88.60, 142.250.203.99, 20.82.209.104, 80.67.82.235, 80.67.82.211 Excluded domains from analysis (whitelisted): client-office365-tas.msedge.net, ocos-office365-s2s.msedge.net, cs9.wac.phicdn.net, config.edge.skype.com.trafficmanager.net, store-images.s-microsoft.com-c.edgekey.net, clientservices.googleapis.com, e-0009.e-msedge.net, config-edge-skype.l-0014.l-msedge.net, l-0014.config.skype.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, iris-de-ppe-azsc-neu.northeurope.cloudapp.azure.com, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, redirector.gvt1.com, ocsp.digicert.com, audownload.windowsupdate.nsatc.net, update.googleapis.com, arc.trafficmanager.net, r2.sn-h0jeener.gvt1.com, watson.telemetry.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, www.gstatic.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, config.edge.skype.com, l-0014.dc-msedge.net, client.wns.windows.com, skypedataprdcolwus17.cloudapp.net, afdo-tas-offload.trafficmanager.net, fs.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, r2---sn-h0jeener.gvt1.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, www.googleapis.com, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, ocos-office365-s2s-msedge-net.e-0009.e-msedge.net, ris.api.iris.microsoft.com, edgedl.me.gvt1.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus15.cloudapp.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
11:18:30	API Interceptor	1x Sleep call for process: chrome.exe modified

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	low
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Microsoft Cabinet archive data, 61020 bytes, 1 file
Category:	dropped
Size (bytes):	61020
Entropy (8bit):	7.994886945086499
Encrypted:	true
SSDEEP:	1536:IZ/FdeYPeFusuQszEfL0/NfXfdl5lNQbGxO4EBJE:0tdeYPiuWAVtlLBGm
MD5:	2902DE11E30DCC620B184E3BB0F0C1CB
SHA1:	5D11D14A2558801A2688DC2D6DFAD39AC294F222
SHA-256:	E6A7F1F8810E46A736E80EE5AC6187690F28F4D5D35D130D410E20084B2C1544
SHA-512:	EFD415CDE25B827AC2A7CA4D6486CE3A43CDCC1C31D3A94FD7944681AA3E83A4966625BF2E6770581C4B59D05E35FF9318D9ADADDADE9070F131076892AF2FA0
Malicious:	false
Reputation:	low
Preview:	MSCF....\.......,...................I........l.........R.q .authroot.stl.N....5..CK..8T....c_.d....A.K....=.D.eWI..r."Y...."i..,.=.l.D.....3...3WW.......y...9..w..D.yM10....`.0.e.._.'..a0xN....)F.C..t.z.,.O20.1``L.....m?H..C..X>Oc..q.....%.!^v%<...O...-..@/.......H.J.W...... T...Fp..2.\|$....._Y..Y`&..s.1........s.{..,.":o}9.......%._.xWS.K..4"9......q.G:.........a.H.y.. ..r...q./6.p.;.`=.Dwj......!......s).B..y.......A.!W.........D!s0..!"X...l.....D0...........Ba...Z.0.o..l.3.v..W1F hSp.S)@.....'Z..QW...G...G.G.y+.x...aa`.3..X&4E..N...._O..<X.......K...xm..+M...O.H...)............o..~4.6.......p.`Bt.(..V.N.!.p.C>..%.ySXY.>.`..f\|....'^K`\..e......j/..\|..)..&i...wEj.w...o..r<.$.....C.....}.x...L..&..).r..\...>....v........7...^..L!.$..'m...,.....7F$..~..S.6$S.-y....\|.!.....x...~k...Q/.w.e...h.[...9<x...Q.x.][}_%Z..K.).3..'....M.6QkJ.N........Y..Q.n.[.(.... ...Bg..33..[...S..[... .Z..<i.-.]...po.k.,...X6......y3^.t[.Dw.]ts. R..L..`..ut_F....

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	326
Entropy (8bit):	3.145340414441777
Encrypted:	false
SSDEEP:	6:kK9HqdoW+N+SkQlPlEGYRMY9z+4KlDA3RUeIlD1Ut:FG5kPlE99SNxAhUe0et
MD5:	07A56FC39E689F31A695B2D5FA0D7446
SHA1:	538E8C71867116C54ADD3DC648BAF102206AB87E
SHA-256:	A5373532E7F4D1C236101C8CE9480F0715286C0A4C43953CD8AE47A1F9492452
SHA-512:	D21DEB92F16946E777BE311B6629B6393ABA2972220BA29ED87A1E3DC6E2B0D47A24B6E73A60D8BDCDE6725A02FFBE670B0FA30FED60B100CBDFE54803814E2B
Malicious:	false
Reputation:	low
Preview:	p...... ..........N.%...(....................................................... .........T'._......$...........\...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.d.6.5.4.2.7.7.5.f.d.7.1.:.0."...

C:\Users\user\AppData\Local\Google\Chrome\User Data\0e38e2c6-84da-4d01-842c-0400637287bf.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	92724
Entropy (8bit):	3.74463524143187
Encrypted:	false
SSDEEP:	384:XTylNToGLfopUNZrCvdX3GJTWH3uGa9rYLtNxmnzjirQRmIDoHZtxCOTTFNY1BIj:CKdF+3SeL8eLxDv0nLCLKxH9lb
MD5:	0BB312F27F6A7ACA0E0C9C8F0D59506A
SHA1:	89A7FA869B78D464BDDA8442AAD2CEB1DCA068B6
SHA-256:	ACE0EA942EACD79BC8AE407BBCE865C8DBD6945AB3E5779FE8EF267CEA2AB3BE
SHA-512:	0BC8209939331F789B2C1AE93C00A7C0D1CC19D3B613432E017CD73E4957735BA0F0F7A530142A7745F1BAFACC622CDEB0045A418273E3401D6C86EA14CCD719
Malicious:	false
Reputation:	low
Preview:	0j.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...r@8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\247459de-a773-4901-83be-bfa45dbea617.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	165961
Entropy (8bit):	6.049628170570954
Encrypted:	false
SSDEEP:	3072:x5phUtGnrszca1FLtEnNwi2rIhJxKnNSd/FcbXafIB0u1GOJmA3iuRe:x5hnrszc0fZI/xKmaqfIlUOoSiuRe
MD5:	617C11AE34C0B5C4F3C31A6D9147C159
SHA1:	674E346B22CD8EEE08211D7B9B1D25D47702C596
SHA-256:	52041D817F5C42D9DE0E52A52739122D6EDD1F1E3CE86351EF33C27CD66AE095
SHA-512:	806646A5EC9E6A8B68CB9020D1E382D23C389D911C40EB83D8AEA1D6584A9D0C25BDC2FBA77E9AA8108534829EE4E9D6108176EA2F00E22A69CA4DA876DBCAAC
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.62697790820285e+12,"network":1.62694551e+12,"ticks":5655503648.0,"uncertainty":4434819.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016024539"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\3217e258-9d08-4694-826e-c74c29fe243e.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	174419
Entropy (8bit):	6.079582056437918
Encrypted:	false
SSDEEP:	3072:RHV5phUtGnrszca1FLtEnNwi2rIhJxKnNSd/FcbXafIB0u1GOJmA3iuRe:ZV5hnrszc0fZI/xKmaqfIlUOoSiuRe
MD5:	31314B390A631994453AD47572500C68
SHA1:	C373CA9ED24DCC3B2051E9B1B98E55284DC01811
SHA-256:	AA2ACD3F969EECBBE9CE5213B1515F51D5BE9673F5EC7A2BDCAA03E99ED27CE7
SHA-512:	0B4E66823ACE29BE1EB4EB25A2B71D618C669DC15E66683F0892B85B5AD72FEF0E7D43CD2A9413E697F55D95291ABF97B18937D0FD67B200C141730681965057
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.62697790820285e+12,"network":1.62694551e+12,"ticks":5655503648.0,"uncertainty":4434819.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.254162526001658
Encrypted:	false
SSDEEP:	3:FkXft0xE1G1mstft0xE1G1mstft0xE1n:+ftIE1G1mkftIE1G1mkftIE1n
MD5:	E9224A19341F2979669144B01332DF59
SHA1:	F7F760C7104457DF463306A7F7BAE0142EFCEB5B
SHA-256:	47DD519C226D23F203ACAE0EC44DF9BB6208828E24F726E1602EA52F63C3E2BE
SHA-512:	4184302DEB5009D767FECFC150F580DD57D5CF9CF3BFEB7E52C9F3340E5E6499251B9F0DFF37F0454411FED9046880E0A9204312D021294256372C916B8155AC
Malicious:	false
Reputation:	low
Preview:	sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%sdPC....................s}.....M..2.!..%

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0596f1ec-547e-49b0-a23c-70a6bef3816b.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5714
Entropy (8bit):	5.188256806928936
Encrypted:	false
SSDEEP:	96:ngCzPNMMzes1cKIeTok0JCKL8C0kr1hbOTQVuwn:ngCZMXscp4KF0krz
MD5:	B2B6FE6D19490238F04721BDC8065562
SHA1:	E9D76875CFF45B9866D42C4C4741F4DF85349BEA
SHA-256:	056B44B735B3712014C990ECA14833940EB5B9C67D8D6B36C9D723015F353A41
SHA-512:	5800B3B1CE7A5C1C4F0D1CD5B42D05C4798819675935170210275C7981AE484E76A8FDC3E8EBBB6CACE90C7415352485B3A21B108FF74E3D110E7D3C81C20D58
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13271451505333490","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\145d68fc-c87b-412f-8951-50d49bc6efb3.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	16745
Entropy (8bit):	5.577514125323894
Encrypted:	false
SSDEEP:	384:r3jtcLl7nX91kXqKf/pUZNCgVLH2HfDarUKoWZg4z:SLlj91kXqKf/pUZNCgVLH2Hf2rUvYgk
MD5:	704F2C82CA59A172ED47F845A1F72EB0
SHA1:	EACA3C5BEB3030CB254C1507A739D9FBFEF2B9AA
SHA-256:	65E18DF9A5E4455BE4F6C98FCAB375C9C007996EA2C81EDD376C8526FC72F945
SHA-512:	6597A58563D6FA7802DE5140EC849F18C1EA9716D0C3CF4DFE7BC87905D1BC4086BEF35785EDA56B8BAC15130B8C7A660C49C9CD352DABD66EDA8610169F6A77
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13271451505052454","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\15912760-29e5-43c6-9c47-cdfeca09850d.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4219
Entropy (8bit):	4.871684703914691
Encrypted:	false
SSDEEP:	48:YXsJjMH+5s7YMHBKsvxMHVzspxMHbsIHt/soBDysKqnsllzMHpDCLsWJMHLsNuMg:RG+ZGJG+GTTD7IGpD+G7Gp2GnG4GVhH
MD5:	EDC4A4E22003A711AEF67FAED28DB603
SHA1:	977E551B9ED5F60D018C030B0B4AA2E33B954556
SHA-256:	DD2C9F43F622F801FCC213CDE8E3E90EF1D0D26665AE675449A94CEC7EB1D453
SHA-512:	84D3930579FD73C7D86144D5CDC636436955BA79759273C740D2D72BC4847F2F7F165BBCA3EB2E4DFB01777D6A5F141623278C1BF74615C5A491092CE3FD1602
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248543677350473","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543677350474","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31344},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501474403","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":31656},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248543501454993","port":443,"protocol_str":"quic"},{"advertised_versions":[],"expiration":"13248543501454994","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":39369},"server":"https://www.googleapis.com","supports_spdy":true},

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\15ac4a3b-640c-4b53-b205-36086bc42ab4.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5740
Entropy (8bit):	5.191354348290902
Encrypted:	false
SSDEEP:	96:ngCz7NMMzes1cKIeTok0JCKL8C0kr1UbOTQVuwn:ngCdMXscp4KF0krg
MD5:	04D2F4410818249D9317AB0ED679C207
SHA1:	5C95EC502D4548F06CF29FB2D71A5814DE84F182
SHA-256:	B1D7DBD0DD14A71D89DB9FE9A17C1DB0C00C3724C75211704362A040243FA134
SHA-512:	9C59B9118DB953AE0204D91D23ABF1477340B7D90F8ED14DC2235E1C2E4DFAE52829CE30B60FD10046A37775209D213B060948C1C7A3821D661B3AF16B00E66F
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13271451505333490","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4976e8cd-4d06-47f0-8ad9-d0e7d230466d.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22595
Entropy (8bit):	5.536065719209504
Encrypted:	false
SSDEEP:	384:r3jthLl7nX91kXqKf/pUZNCgVLH2HfDarUIHGrnTjWEQg4J:/Llj91kXqKf/pUZNCgVLH2Hf2rU8GrnI
MD5:	858CC956789A9D6F1FE6DCF3E9EDD8FA
SHA1:	0367FD80FE1EB33B73DBAC6736647794C9E7128D
SHA-256:	2A6C2FFCDDA519E0E05F99D26ABDDD18902CADA36183F60E9871EDFE84C8AB61
SHA-512:	2AAA9AA8EA3B6CBC9777159EF2CB7CC2C1E5196A9AB6C07D6844259FA0EF7D44F60E1A2DA5A7771C311F732BA031EF433DA08465DF84EEC8D763C1718F0E28CB
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13271451505052454","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	334
Entropy (8bit):	5.18716000052125
Encrypted:	false
SSDEEP:	6:mUjUoG3+q2PWXp+N23iKKdK9RXXTZIFUtpdvqZmwPdkiVkwOWXp+N23iKKdK9RX3:tja3+va5Kk7XT2FUtpdvq/PdPV5f5KkT
MD5:	F147B0BA776AB5864AA9A4E02D02A83C
SHA1:	D2F4D57AC693BFEAE8707B369C5FB26DF649594F
SHA-256:	1EE2BF293EF31BF5E997AFDC555266D14B15430319B1C1FDAA9CC40928AF30D6
SHA-512:	997A6B182E243176FCF0FBAEBBB4CBAB8BBED761D36DA88B1AF8D3ED8F31B86F82BD02F9ECAD52FABBA4F482B8908D9226873577C1FA74C4042ED2866AD3B707
Malicious:	false
Reputation:	low
Preview:	2021/07/22-11:18:37.723 1adc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/07/22-11:18:37.727 1adc Recovering log #3.2021/07/22-11:18:37.728 1adc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	318
Entropy (8bit):	5.198933182181113
Encrypted:	false
SSDEEP:	6:mUi+q2PWXp+N23iKKdKyDZIFUtpdJZmwPd9VkwOWXp+N23iKKdKyJLJ:ti+va5Kk02FUtpdJ/Pd9V5f5KkWJ
MD5:	C28FC87DB905D7BD07D47ACF967CB1B9
SHA1:	5DDC743AF042EFF2E4826C99C8BEC5C204743D35
SHA-256:	16F41EF089BF7D3C63A6974B7F85AB41ACCB3F311F14BE1A758B7AE899FB62EC
SHA-512:	A160203C160A61DD349149677DCB70A395788D5A5487EEE02823D0BAAFF5E07BD8230F0A34F4EDF3425F5E39A293800A969185789CCF4EA4FF20DF86587E3DE8
Malicious:	false
Reputation:	low
Preview:	2021/07/22-11:18:37.518 1adc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/07/22-11:18:37.519 1adc Recovering log #3.2021/07/22-11:18:37.520 1adc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.6863571317626186
Encrypted:	false
SSDEEP:	12:TLyen4ufFdbXGwcFOaOndOtJRbGMNmt2SH/+eVpUHFxOUwae6:TLyqJLbXaFpEO5bNmISHn06Uwd
MD5:	1C0EAEEE6463CAE33B7A7CD9D9DF4DA5
SHA1:	FBC6A28A1501E40154FDC0A9D0C2F34A5F88AA65
SHA-256:	ED8AE7C5E6885874A39F4E86258F552670352A18D29BE1FF4D372A2F4CD06C8A
SHA-512:	355D19828609971998B09B36E7C7D304B7FB88C7A726670BEBF5CF2E2710F8E71B0F9DEF6FE9712B484C1EB122AEEEFDECF31D13E02C4539C399DFB86EC7619F
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	12836
Entropy (8bit):	0.9687808973274461
Encrypted:	false
SSDEEP:	24:ygcLgAZOZD/JfqLbJLbXaFpEO5bNmISHn06UwP8:yg8NOZFq5LLOpEO5J/Kn7UU8
MD5:	8B8D53162A6583C453FE5C8A4E5D3260
SHA1:	35D943DDA09735FD6C6133FD4DEF64C54FBE79FE
SHA-256:	E3BBF72C4A4985757AB12478E59A7E5BCA8EA9DA38F7ED3B02A9A35AAAAAA14E
SHA-512:	51D6EC730DE3D67E5526EA8BEE82F3296B3313A3D1506D71F822B7399FB030D0B0EDC186034F1E3AEF25D37AD6CD3E0F359A7AFBD59BE9C4613236406FC1C567
Malicious:	false
Reputation:	low
Preview:	..............[.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	1384
Entropy (8bit):	3.8987835162258766
Encrypted:	false
SSDEEP:	24:34SUxlrlA920ZswLHklj2Jy2BfOhdyOhyZ20ZBlLlL:34nxUZ1EEJglyTZTRL
MD5:	C3D207426414B306EC9C99CE45677DF1
SHA1:	618DC3937720DE170015A25685811E31B2884365
SHA-256:	A4FF94F50BFE8194296FCD2B506A81A85A5FF9D7109E0893931C9302306C0F47
SHA-512:	A219B1A58126A6CF7A258A15F359733477E3ADE08E7A76A9D0C4756228995DD1867950CB03318BA4EC2D3D32810D0CA20D70F491B71B22490D2BA76474118378
Malicious:	false
Reputation:	low
Preview:	SNSS....................................................!.............................................1..,.......$...461208dd_4556_4bf9_abc3_dd25f15c70ce.........................P................................................................................5..0.......&...{524A03AB-861D-4591-9B4E-BDD69F9D425A}.......................................;...https://fax2email.moveyourbody.com.au/?arnold.gruber@rvs.at.....................................................h.......`.........................................................mP......mP............................................~...;...h.t.t.p.s.:././.f.a.x.2.e.m.a.i.l...m.o.v.e.y.o.u.r.b.o.d.y...c.o.m...a.u./.?.a.r.n.o.l.d...g.r.u.b.e.r.@.r.v.s...a.t.......................N...h.t.t.p.s.:././.o.l.r.d.y.s.k.i.y.q.l.t.c.v.m...c.o.l.l.n.d.a.m.f.a.x...c.o.m./.e.z.t.h.i.j.q.h.o./.Y.X.J.u.b.2.x.k.L.m.d.y.d.W.J.l.c.k.B.y.d.n.M.u.Y.X.Q.=.....................................8.......0.......8....................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	1.8112781244591325
Encrypted:	false
SSDEEP:	3:3Dtn:3h
MD5:	0686D6159557E1162D04C44240103333
SHA1:	053E9DB58E20A67D1E158E407094359BF61D0639
SHA-256:	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
SHA-512:	884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
Malicious:	false
Reputation:	low
Preview:	SNSS....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	164
Entropy (8bit):	4.391736045892206
Encrypted:	false
SSDEEP:	3:FQxlXayz/t2Hmwg0EOZL7Ao4uhFkEuRLKyC5Ei5+Gg:qT5z/t2qoEwhXeLKB
MD5:	0A906A9A542CDF08FF50DAAF1D1E596E
SHA1:	B97D6274196F40874A368C265799F5FA78C52893
SHA-256:	EB9CABBF5FDA1AD535300B0110EAA4068A083248BA928A631C9278545935426D
SHA-512:	8795E905B711ADE6B1C4B402D50AF491B64D157AA738669482DDBFC30E857DF970BFFB774A925F3F4A0802BD27AFAF939CE140894FF09B67FB9C0BB83ED4491A
Malicious:	false
Reputation:	low
Preview:	.f.5................i.Wd...............Sgdaefkejpgkiemlaofpalmlakkmbjdnl.declarative_rules.declarativeContent.onPageChanged.[]..F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.247694099643283
Encrypted:	false
SSDEEP:	6:mU+QRF34q2PWXp+N23iKKdK8aPrqIFUtpdyPXZmwPdRkwOWXp+N23iKKdK8amLJ:tvRN4va5KkL3FUtpdyPX/PdR5f5KkQJ
MD5:	748844111B9E8D949C0083AB50DCAB45
SHA1:	E3EF527521182B47C276C978CF262630118488E1
SHA-256:	42B1908088B90D4ED6B898AEA13F00CCC3185F9FD465EDAB1D37D6283E1F1BA1
SHA-512:	60CF5F886455D96B054E4511BBF7720A82DBDCDAF32B85FB31461328407E5DDCC23A818D6473BE9CA1C379C802764F1A571D3708E05D86414C019572EFD89F5B
Malicious:	false
Reputation:	low
Preview:	2021/07/22-11:18:25.386 a54 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/07/22-11:18:25.387 a54 Recovering log #3.2021/07/22-11:18:25.388 a54 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	570
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
MD5:	D4BA0AE0BB0B9FAFF3DA6F35FDBC3C8A
SHA1:	FB3E9DEC7F35A9B1D94E54A5659DD0DE484055E7
SHA-256:	99DEF1B557F19F04C1AFFC6F247D0451F33FC10EC42E73792223C3215AC98BE6
SHA-512:	86FD07C34B9ABD4C52BA19EAE291936F92BC6D38A75C021EDC1DEDBC15617669876180CD99F959C62476D82EC6BB9F5FE4C6CB4D82CB037EFB76D99A4D3D9C51
Malicious:	false
Reputation:	low
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.205026571087771
Encrypted:	false
SSDEEP:	6:mU39IN+q2PWXp+N23iKKdK8NIFUtpd3AZmwPd3XI39VkwOWXp+N23iKKdK8+eLJ:t3Lva5KkpFUtpd3A/Pd34z5f5KkqJ
MD5:	CEC0468F8C836304B4324F80261FA8C9
SHA1:	2A150831FCCD2F5C850EBA2495762BB6C225E547
SHA-256:	499791D872217FE102A11A39DE87BEF39D76D3EE667E5A160222B7E5AF2D9740
SHA-512:	3AF8C4E7A9CB9E9A4E8A8D32B6F7F3C1466836E5B9E8C02D34569EF2D98773C34A48B8D64384F6F9CCAA3A9F9170F20A4283E22DF6D652B5B2F83DDD9C02014D
Malicious:	false
Reputation:	low
Preview:	2021/07/22-11:18:27.733 de8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/07/22-11:18:27.735 de8 Recovering log #3.2021/07/22-11:18:27.739 de8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	11217
Entropy (8bit):	6.069602775336632
Encrypted:	false
SSDEEP:	192:GbylJnlTwGB7V9Hne4qasKxXItmLG48gcLg/PkI:Gb+nldByaFx4toj8VEPT
MD5:	90F880064A42B29CCFF51FE5425BF1A3
SHA1:	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF
SHA-256:	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
SHA-512:	D9CBFCD865356F19A57954F8FD952CAF3D31B354112766C41892D1EF40BD2533682D4EC3F4DA0E59A5397364F67A484B45091BA94E6C69ED18AB681403DFD3F3
Malicious:	false
Reputation:	low
Preview:	{"file_hashes":[{"block_hashes":["A+1PYW3V6CJbBuQ7aqrgYhyH3bT8PKyBXp3hN2slpI0=","WSOpQRkYTHjPSlG9Zif2a7TNhy43NDcG1Zg5Nv0UbH0=","jDctR8ImG5KZrQKm4kDjUB7FokSJfjo/pmvFowRVlaY=","LPxhhJiuU0lprt0T6flpS7TkaDg7MocrbmzO65xH6RI=","nZ9zLb2By96AkKXALRM+C0Eu11XUjPiMXEKjiCPdtHE=","wifibc1QfMBN2jrtUtLgsCefvuceTpAatmLvul11RJA=","dHjWlSIIdjj7MWqg3T8MG58RuuqRXk32vqi/13JqEgA=","zd3DV7dbvfNvx1hdhU01fW5ily52DLN0CFL/ADaEeTI=","DpjXcO85FFFY9KJFPkGNfFUtdQIOsGwO5jUckiUwY14=","gqid6l1+mk/6yWgUECRofI9lMipXgXh2jEN2+CxmPE0=","prDB91X2Mmfg/M/txVMITWBmEGbOGjqBTP7CMjYqdHs=","yLPAqV4gqoyS/zFkEt3Cn2j0q2v9QOSthVFfWn8EzCM=","EPQ3jzdrLkAHyvf3920B5Y3aAkO1IJdn/UtbnAmq6T0=","+oOc6ca+ChKUpTu+oa2ZRxRE+wG3QJmuYWEvYCs40NI=","3mBGNAiRlTANEQkqzU3TEi+5wJ0ubR5uwtS4/9OOM7w=","1A9NNawxuhu95H5eThvf1rewJ4QQWhhPNxJXO1C/n68=","E3vWLQxzmj+e5QxYbUscllJ5n0ITpw5JBHV1Kph3/KM=","i3I8ghdTF9c1ZXNBZmvsID+DV4gxBVN27rj9wsMtRpg=","R8B8qYabnMSlLPhrtu0hGYrHn3llsMHqBbi70gkIjEE=","rhlzuEvv2KRAFMms896xFwkNgPrw6WvmgPn6xrBSa2Y=","LAMXv6sRb0VZrY34aVXF3Fftxs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	23474
Entropy (8bit):	6.059847580419268
Encrypted:	false
SSDEEP:	384:7dNc1NC6IcafusK4H1IIGRlhKlkIALQWdynQh2RX4K6M1tVztzr7XSNyzH:7dOscSRKc1nGRSkIhEw6M1tf7SNyb
MD5:	6AE2135EA4583C2F06CDEBEA4AE70FA4
SHA1:	DCEB26C7F02D53B5F214305F4C75B4A33A79CDC2
SHA-256:	03AA1944CB3C4F39E20B6361571BC45DFBEBD3FFDA3D8F148CC6ECB29958F903
SHA-512:	B5945E67D9F73DD1982D687E5C6D9B5D6B3886C8050363A259755C76AC0F93651F3425FA7C21AA6A13977AC1C8C9322F998F131648CB8909096058D4F0D23312
Malicious:	false
Reputation:	low
Preview:	{"file_hashes":[{"block_hashes":["DOZdV3jFvk12AM2JNDYKo3KZrIVRprmJ+sVGWkqqE4Q=","rVElW3Hu3T52SzDDUqGT5YiJTBGUv2h3pNuBKFlhZ1U=","X/3fg4KZxgQ1jBr5QGq0F5JnflgE27UErd88mrxTcxs=","VibLbpy0ig+5INMOU71fTYN76iaka2XVpmm1qAKYsX8=","EChCwCbQHbHQ7oDdGT2qNyiRJ0yck2YC2emNGq4whtE="],"block_size":4096,"path":"_locales/iw/messages.json"},{"block_hashes":["xklkoZ7iSU1+7cd6DAtEmUC5lPFd+EgcbnzxkOiFwlk=","3KbsvoxKY/3AwqgF2aAdVQRpMhsNVRkQ3rx2A6Z2Z+Y=","o9+tsohquaCMj+70zeinRG/hBhA2uLoDl/WoC1uokME=","xV/K8xucyWJELVT8Cqn+ugFjobBVmg8pnmACF+2PP4Y=","p/mvJm2wuCl32Rx3it654MljKAsMe3S9IDEabc1A8mE=","j8mPrTb5oOsBTj2Fer78JE6xG6+kR64Cvu2SW8d3j/k=","nqSRpGQ3USU2bZJsZ+AzBmFOyann8omwJrhEWFZDTXc=","eTcQyJUuNuF9yCga/fXGyFCj/pysSceanhBzksdx23s=","Wj7faqnspelXKMvnduxHn1XUBG8TEOqyns7/oUihekM=","VtBwXoadI3EP336rAiL33Gz19KGqtN+RYdKnMKAXoLw=","iDgLXQqXJp8nCZxgLuC9LXM45DGfufvGnXvmHsn18wc=","g+RfdDfrWTUK0Pkcsbot7NJ4SC9wVRV/dVVMuHAtEj8=","2oC4HcCuXu3VjFf6wnKlznt9uqQNaebcuWpm/mWj69U=","aMUIpuFqPMiieSaWhIktCK62v2P3OZQAWupWsYzCnvk=","L

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	3:FQxlX:qT
MD5:	0407B455F23E3655661BA46A574CFCA4
SHA1:	855CB7CC8EAC30458B4207614D046CB09EE3A591
SHA-256:	AB5C71347D95F319781DF230012713C7819AC0D69373E8C9A7302CAE3F9A04B7
SHA-512:	3020F7C87DC5201589FA43E03B1591ED8BEB64523B37EB3736557F3AB7D654980FB42284115A69D91DE44204CEFAB751B60466C0EF677608467DE43D41BFB939
Malicious:	false
Reputation:	low
Preview:	.f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	372
Entropy (8bit):	5.265499247611589
Encrypted:	false
SSDEEP:	6:mUPddub+q2PWXp+N23iKKdK25+Xqx8chI+IFUtpdPlZmwPdPVcVkwOWXp+N23iKG:tHo+va5KkTXfchI3FUtpdd/PdmV5f5KN
MD5:	89DF843FF0FCCA7DF6AB915808F77C8F
SHA1:	E2F114AB9230213F5F86EBFDAF871D0486472725
SHA-256:	404D4828B8880178A256A5F14555F1716EA19C60FE79E8E78D7B5CBADEADE2D4
SHA-512:	47EFAF834A7C7DC5AFAF2A38D0655B815C530EB6171FA4F7094BCC0F820CDBC7DCC14348469CBBDD880558AC3FEE55C2273931660BF499CD61A55751BA625F54
Malicious:	false
Reputation:	low
Preview:	2021/07/22-11:18:37.488 1adc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2021/07/22-11:18:37.490 1adc Recovering log #3.2021/07/22-11:18:37.491 1adc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	358
Entropy (8bit):	5.221861875975536
Encrypted:	false
SSDEEP:	6:mUPfc+q2PWXp+N23iKKdK25+XuoIFUtpdPOZmwPdPDVkwOWXp+N23iKKdK25+Xu6:ts+va5KkTXYFUtpdW/Pd7V5f5KkTXHJ
MD5:	BF80D5416F737F0986E25B632CBFD55E
SHA1:	9DECF21706C1E73223A53E3F3FAAB0C6717E238E
SHA-256:	7AC0185C72F5655BAE44374BD7445B2F46085BBA8761F5695A9FB9AF05EAC1BC
SHA-512:	A69EBE61618511C717E221E079B38A1CDD285C54ADBF59CE52CDDD9D2269ECEEE25478B2196FEAB67A1A14ACA1D6F364482266ACD2987B935A76E785771F8D6B
Malicious:	false
Reputation:	low
Preview:	2021/07/22-11:18:37.475 1adc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/MANIFEST-000001.2021/07/22-11:18:37.477 1adc Recovering log #3.2021/07/22-11:18:37.478 1adc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.2891283742396915
Encrypted:	false
SSDEEP:	6:mUPSG+q2PWXp+N23iKKdKWT5g1IdqIFUtpdP4qZmwPdPBw3VkwOWXp+N23iKKdKn:tqG+va5Kkg5gSRFUtpdR/Pd+3V5f5Kkn
MD5:	199F448D31C53B5578B7DECF0E207DA3
SHA1:	9C2BD28A4CEC68AB16F39BEEF6D08FD0046AB438
SHA-256:	A70A99F658BD62BB0A998BF2597CC511307FDFC3B81E39E962BD64454EBB6C33
SHA-512:	7C3FB97C846CDEB90BC2CB650F4CB80C009CA489E56E4FBCE44EB9E29026FC3D5524D47FFDAF09D9D8BBD9BA8E08032434AB6AF69F6A2839CB7010C8E5C38378
Malicious:	false
Reputation:	low
Preview:	2021/07/22-11:18:37.456 1adc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/07/22-11:18:37.458 1adc Recovering log #3.2021/07/22-11:18:37.459 1adc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.1318304864857052
Encrypted:	false
SSDEEP:	12:TL+A/y5fo9hVwt7ELNuQGGI/1l9hVwt7EB:TLxbhyeu9hy2
MD5:	A57C82E1106F9842A21C8892E6285A11
SHA1:	5B1FD5F10458CDAE2BE485802778CD0EF7FB6730
SHA-256:	3FE674A9D74F989266D37BCB45C91C82DC9C255586A393471433679394B6544F
SHA-512:	AB3FAC13568B5CCC934910F5462E36E93A57CBE70A83FF0DBEC23E0320EB4E6090EE17EA24EF6F4FD0CE762DEA5CE92B416416908F6C9B5FE01DA05D7DFC9616
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	667
Entropy (8bit):	5.428987956644217
Encrypted:	false
SSDEEP:	12:SuBd3HeKQqjyC2MW6dqeo+WARC+Sm6lYU1KzSyMBk778B/xgscRBDMo9hVwt7EJA:Zr31FjpAeh/RbSjl1KzS/Y78BJgscRBU
MD5:	8B0AE6CBB42B1B3463F82F2416BC538D
SHA1:	BFFE64E75B933693C597EEC4CDB59F53F396AF77
SHA-256:	C45E6CFBD937C0A48C8313DAF233DC91C9A43414B248DE2AD7BAE9792529C275
SHA-512:	A78DF56A6AB7A97CFA3D49360EF20F4DD121F17F47037176041C4855144495A9C4A8E00C836C8C67A571D2CD1D0BC3B46D6D0E25989B7D82DEB64373E9618923
Malicious:	false
Reputation:	low
Preview:	..........."T....collndamfax..com..ezthijqho..https..olrdyskiyqltcvm..yxjub2xklmdydwjlckbydnmuyxql......collndamfax......com......ezthijqho......https......olrdyskiyqltcvm......yxjub2xklmdydwjlckbydnmuyxq..2.........2........a........b........c...........d..........e........f........h.........i.........j.........k.........l..........m...........n.........o...........p........q..........r........s.........t..........u........v........w........x.........y.........z...:8........................................................Bv...r...... .......Nhttps://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ=2.:...............J............$(2

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	42076
Entropy (8bit):	0.11687497566891593
Encrypted:	false
SSDEEP:	12:I99UNLx2NtwoqLBj/d3l9v4nMWQA9LuBQZ8fOw:GpqLBd3fgbNuTfR
MD5:	38FADB11D437DD99718B9FD0D3BA44A9
SHA1:	5BF59A186D3F11274C759A19A6D35F17EA57516C
SHA-256:	62E4BCC1350007B84665C14CA86AAA0580B3619374F7B99FC9F39BEF1629A3E5
SHA-512:	30BDCD1A463536FCDEADFE177075F91D902972ED61A7D15FD48A17F46A71F1CA9DE20AC26A73B9E9B111110B82D1953C32315ADE6D2DB6A940451166AA84F756
Malicious:	false
Reputation:	low
Preview:	............Y,1\|........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PARIX object not stripped
Category:	dropped
Size (bytes):	2955
Entropy (8bit):	5.4589373463670166
Encrypted:	false
SSDEEP:	48:6LYG4EFva72MN8dbAq63bQSefgGfNrS0U9RdiN9jEp:6AEZa72MmdbAq63bQ5fgGlrS05Ep
MD5:	565ADDDE92C89323D0BCCCCA6D2C410D
SHA1:	F5D32BA594B3852DC276B5E79C771A3B676CAF76
SHA-256:	4BD7B8BB91DFF0FB6F555AEF11CDD4E7B7244BF802D9EAD012A9A63CEA9EF175
SHA-512:	B2F2348B8461F2B352175146AF4DBC948675024264DD3080D54461D56DF8C624C43DF4BD7D94441CED0D20EB6E01502A7718ACFBC55312A92ED1050B245935F2
Malicious:	false
Reputation:	low
Preview:	.._....*............8META:chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm............Y_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.HangoutSinkDiscoveryService;.{"cache":{"sinks":{},"g":{},"h":null},"manualHangouts":{}}.a_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.IdGenerator.cast.RequestIdGenerator..425831000.H_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.LogManager...["[2021-07-22 11:18:41.52][INFO][mr.Init] MR instance ID: 10aca129-2828-41aa-8dc5-81963b1bdcdb\n","[2021-07-22 11:18:41.52][INFO][mr.Init] Native Cast MRP is disabled.\n","[2021-07-22 11:18:41.52][INFO][mr.Init] Native Mirroring Service is enabled.\n","[2021-07-22 11:18:41.52][INFO][mr.PersistentDataManager] removeTemporary_: 163 chars used\n","[2021-07-22 11:18:41.52][INFO][mr.PersistentDataManager] initialize: 163 chars used, 67 other chars\n","[2021-07-22 11:18:41.52][INFO][mr.CastProvider] Query enabled: true\n","[2021-07-22 11:18:41.52][INFO][mr.CloudProvider]

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.21322218850305
Encrypted:	false
SSDEEP:	6:mU29+q2PWXp+N23iKKdK8a2jMGIFUtpdM9JZmwPdh39VkwOWXp+N23iKKdK8a2jz:tQ+va5Kk8EFUtpdMH/PdhNV5f5Kk8bJ
MD5:	75983BF34E2DA9A7A771F16B3093A804
SHA1:	F6A107EE46E63C8E618AFFB2EEBF25FA287C04B2
SHA-256:	42A96AEB214AABB8B531E04FA8FA372DC8D7B5987F826947133D59719EC74303
SHA-512:	A5B17853738FD9EB96AE83BB5FD64F953A54D823B6E7FEC6EC83FB977D14E9B6A64A283550CF834D78ED02CB295C71F9AE7AE7C4A9ABA4D8621F12BB8CF9C85F
Malicious:	false
Reputation:	low
Preview:	2021/07/22-11:18:25.059 16bc Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2021/07/22-11:18:25.064 16bc Recovering log #3.2021/07/22-11:18:25.072 16bc Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.21364905576543
Encrypted:	false
SSDEEP:	6:mUK+q2PWXp+N23iKKdKgXz4rRIFUtpdbZmwPdrFmVkwOWXp+N23iKKdKgXz4q8LJ:trva5KkgXiuFUtpdb/PdR25f5KkgX2J
MD5:	DEF693505D8E4E45F9581DA9A50A1C1E
SHA1:	A9AEF314CB2855AAAAE9C39C31F9E59B84E77CE6
SHA-256:	09942A9EC7FCECCB58541909133165639D800715BC3C440BA340D7D3325C7419
SHA-512:	744724CA3F1E103766596593D56A25776CE0BBC9B47EC38C6A13DA83587C5D481B858A9EBF3D6F83D81AA7FBAA8A4AE649B1D8C7378C95B6CF3689D1A028BD7A
Malicious:	false
Reputation:	low
Preview:	2021/07/22-11:18:25.407 de8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/MANIFEST-000001.2021/07/22-11:18:25.411 de8 Recovering log #3.2021/07/22-11:18:25.412 de8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.1806524353643362
Encrypted:	false
SSDEEP:	48:TUIopK2rJNVr1GJmm8pF82phrJNVrdHX/cjrJN2yJ1n4n1GmhGUwHoTRsmfoTRs3:wIElwQF8mpcS8szEtDVagOYo1
MD5:	65F8349E9C660ABA149E929C45C2EAC8
SHA1:	7D274377E26A775EB3AE2DFB8E30F79FDED14F64
SHA-256:	A284F8837776916BBD3F1FFD6791B38C34F56D4ECE9236BDFC47030424C3649D
SHA-512:	D5A4477C181923965B7C60E3371ABC23396FD8284807A8079C47AA476262AFF5A74101001E5AEE9ED1191FFAB0FF2CE3271E23F6D05C273A3CA85D2B42E312D6
Malicious:	false
Reputation:	low
Preview:	SQLite format 3......@ ..........................................................................C..........g...^.........j............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	21044
Entropy (8bit):	0.824468496408612
Encrypted:	false
SSDEEP:	48:jwqkIopK2rJNVr1GJmm8pF82phrJNVrdHX/cjrJN2yJ1n4n1GmhGUm6:jwhIElwQF8mpcS3
MD5:	407DE1C52DA27E2E21A8A70E88D29F7D
SHA1:	2DC0B90D59B3B1C8A4FC1BA5C7560BE90403397B
SHA-256:	47E1239167388C7631C32C2C0C9402E6BD748A05D31E95BCF25801EA39AB4DD3
SHA-512:	E9CE1082CD74BC672FD88C7FFC37CF7A89A51213933ABFEF413C206FB471D8AE364868FCD548477CF6992D5532AF9E3160DC091F006AF2F934E00EE4CB8DCAA8
Malicious:	false
Reputation:	low
Preview:	.............AL.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	114
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5ljljljljljl:5ljljljljljl
MD5:	1B4FA89099996CE3C9E5A0A9768230E8
SHA1:	9026E1E0906E3B3FE0E414EE814CC5A042807A04
SHA-256:	537818AAFD0902A8B2D58B483674391E33E762B5E1E8CD226D873098CCE9C8F9
SHA-512:	4279C9380ACC5AB329EC6BCDA10CCF0A7437CEF63845B63E741CE517042CFE83340D2D362DD6B9E039BF55E61F484CCF72B8FD8477D1D0292E0B879CB949461B
Malicious:	false
Reputation:	low
Preview:	..&f.................&f.................&f.................&f.................&f.................&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	317
Entropy (8bit):	5.175697631739041
Encrypted:	false
SSDEEP:	6:mUyOq2PWXp+N23iKKdKrQMxIFUtpdUJZmwPdUDkwOWXp+N23iKKdKrQMFLJ:t/va5KkCFUtpdUJ/PdUD5f5KktJ
MD5:	48E5FDE0B59C257DBF8B7A90E7F647E6
SHA1:	81D2F3E0E6BE9FC83E2EFDF5711062A06CC5BC22
SHA-256:	5C78D543E1B999F9B8978FF8FDFD599AD505A2DFB2E0459E1525CE95C43E7CB6
SHA-512:	E731380B9B2F7442B93060EF059BE5A5DC07CB7BB1807F8C91871D6EA7B2981A3515A2925159E9BBE560C5696FC76018272725B223193F417B140E7A5F79ED22
Malicious:	false
Reputation:	low
Preview:	2021/07/22-11:18:25.304 da4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2021/07/22-11:18:25.308 da4 Recovering log #3.2021/07/22-11:18:25.308 da4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	345
Entropy (8bit):	5.201439088422912
Encrypted:	false
SSDEEP:	6:mUKq2PWXp+N23iKKdK7Uh2ghZIFUtpdpZmwPdHTPkwOWXp+N23iKKdK7Uh2gnLJ:tKva5KkIhHh2FUtpdp/PdzP5f5KkIhHd
MD5:	55B6ECDB30744182C2B0566342B26BFA
SHA1:	84F5741A388045FA7F598F60F7A5BC66B9FE8F0D
SHA-256:	A5A5701522B25CDD1F8D83A6B6D235B0CA894826B2F2B3D8CE02A3BFF59D97F4
SHA-512:	A5B5343B56BB8DFE8E3B08750DA3B75B781322444B2DE1EECEEF414C7C6E1FFADF9399284F005F14FCDCA3A9D46EFC6242B2D7D9C58452831EC3BA3EF809AB9C
Malicious:	false
Reputation:	low
Preview:	2021/07/22-11:18:25.036 864 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001.2021/07/22-11:18:25.038 864 Recovering log #3.2021/07/22-11:18:25.041 864 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\99522dd6-2ad0-4561-95d0-b5aac42c6965.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	420
Entropy (8bit):	4.985305467053914
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV5qQlsDHF4xj70PpqQEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3Ky:YHO8sdBsB6MAsBdLJlyH7E4f3K33y
MD5:	C401B619D9D8E0ADABC25A47EE49CFBA
SHA1:	C9D3B816DD3FBCD98E9C0A32CEC7B501EFC0BBDA
SHA-256:	8F5D75F5EF9876E8D30CE477509F735B50C4D87DBEDB433BE8EDBE6D4B3CB82F
SHA-512:	BC12F16CB95CB0AD708C6BBD005EF863A8552613E612F1084086E0F8262752E1B5144D044F0D141CE8462CC33343C36B517A5CC778751680485D8F88FB51B862
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543490879170","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543490879171","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.19535324365485862
Encrypted:	false
SSDEEP:	3:8E:8
MD5:	C4DF0FB10C4332150B2C336396CE1B66
SHA1:	780A76E101DE3DE2E68D23E64AB1A44D47A73207
SHA-256:	18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6
SHA-512:	51F0B463E97063A2357285D684FF159FDF6099E57C46F13C83E9D3F09D7A7CF03C1BA684BCCF36232FC50834F95953C3C68675C7B05AB4F84DEF1C566A5F3F5E
Malicious:	false
Reputation:	low
Preview:	.'..(...................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	427
Entropy (8bit):	5.281018623109664
Encrypted:	false
SSDEEP:	6:mUERvL4q2PWXp+N23iKKdKusNpV/2jMGIFUtpdEQPZmwPdETDDkwOWXp+N23iKKZ:tERD4va5KkFFUtpdEQP/PdEfD5f5KkOJ
MD5:	4D46AD5A3D0E104598229E97C295CEBF
SHA1:	7A77E64DCF03676F01D5A10256B5DDE4F2C1B7B9
SHA-256:	64329C1CB36E29FFC851DCD52DDB36996034A661D09B816637C4F8FCBD2F089F
SHA-512:	95847CD9531281F077CE75C012AFD28EF1C6298FF4EFAB5C1CB40ED0B315B8A13C506BC093A29E78763F36C9180792E7FF946B27E66D2606A58E786726DDE525
Malicious:	false
Reputation:	low
Preview:	2021/07/22-11:18:25.374 a54 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/MANIFEST-000001.2021/07/22-11:18:25.375 a54 Recovering log #3.2021/07/22-11:18:25.376 a54 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	429
Entropy (8bit):	5.282033291220441
Encrypted:	false
SSDEEP:	6:mUj1yq2PWXp+N23iKKdKusNpqz4rRIFUtpdlj1ZmwPdnVjRkwOWXp+N23iKKdKua:tEva5KkmiuFUtpdN1/Pd75f5Kkm2J
MD5:	1DA6179A9826BF1CB9DE7B77C9663A42
SHA1:	E070F82AA626E534498AFCFC55E16AF0C252AF31
SHA-256:	80F043C41485AB5F5F27592A012F2EE0814ABE356C43B8EF1AEB952FBF711BE0
SHA-512:	9843FFC01C72E19C4DB5739273FEC2519D7E38265BE60CB6A650E83C479FEF8A5BEDED4C8E712F0FD0A804D7E2EB109A6BE8A6DD0DF75AE223FC4CEF912B9759
Malicious:	false
Reputation:	low
Preview:	2021/07/22-11:18:25.404 bc0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/MANIFEST-000001.2021/07/22-11:18:25.406 bc0 Recovering log #3.2021/07/22-11:18:25.408 bc0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5l:5l
MD5:	E556F26DF3E95C19DBAECA8F5DF0C341
SHA1:	247A89F0557FC3666B5173833DB198B188F3AA2E
SHA-256:	B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3
SHA-512:	055BC4AB12FEEDF3245EAAF0A0109036909C44E3B69916F8A01E6C8459785317FE75CA6B28F8B339316FC2310D3E5392CD15DBDB0F84016667F304D377444E2E
Malicious:	false
Reputation:	low
Preview:	..&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	415
Entropy (8bit):	5.244112296621617
Encrypted:	false
SSDEEP:	12:tkuDM+va5KkMFUtpdEg/PdzDMV5f5KkTJ:tzDda5KkUg7EUzD2f5Kkl
MD5:	445DF494ED7CC12FC54DB0DA9F39D8C2
SHA1:	A8FB02EDEA0F214E0EDBBDDA2D3CB06F558F5668
SHA-256:	C807BD564C0DC5366AFF2ACD9A7CA397A189424030ECCF94A323C4360123532E
SHA-512:	B19A25B798DD5F4778ED545995989B33BE91CDD7ADC73BFDBE20938FAB150C6FCC28D2CC4503226E7A121BB149C01F838B1BAB7AF254518EA58D171270B73988
Malicious:	false
Reputation:	low
Preview:	2021/07/22-11:18:41.718 78c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/MANIFEST-000001.2021/07/22-11:18:41.720 78c Recovering log #3.2021/07/22-11:18:41.721 78c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\9653fab4-25a0-433a-ba70-76ec33ed42b1.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	420
Entropy (8bit):	4.954960881489904
Encrypted:	false
SSDEEP:	12:YHO8sdvBVSsB6M/BVSsBdLJlyH7E4f3K33y:YXsdvjX6gjXdL3yH7n/iy
MD5:	F4FEFEEEC722772F9DC0FCE1B52D79B5
SHA1:	00EECFA3B37113D30E7D43BE4383C540F3D93D4D
SHA-256:	D33E13C12004A700F246D8C73709114A881609D658E045D54DE36874728D07F0
SHA-512:	41E61EC89366800FD5F4DD704E53B47DE29411B9088B46349A0A350758D08569C14DCC70CF8D6A6FE6D049CB6D32F2B091153E8148A1B5857BD7AF13492071BE
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248543498399332","port":443,"protocol_str":"quic"},{"advertised_versions":[73],"expiration":"13248543498399332","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.19535324365485862
Encrypted:	false
SSDEEP:	3:8E:8
MD5:	C4DF0FB10C4332150B2C336396CE1B66
SHA1:	780A76E101DE3DE2E68D23E64AB1A44D47A73207
SHA-256:	18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6
SHA-512:	51F0B463E97063A2357285D684FF159FDF6099E57C46F13C83E9D3F09D7A7CF03C1BA684BCCF36232FC50834F95953C3C68675C7B05AB4F84DEF1C566A5F3F5E
Malicious:	false
Reputation:	low
Preview:	.'..(...................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	427
Entropy (8bit):	5.19547607189056
Encrypted:	false
SSDEEP:	12:tIhva5KkkGHArBFUtpdIR/PdIK5f5KkkGHAryJ:tQa5KkkGgPg7Stf5KkkGga
MD5:	55F2DEF18C889E1693BBF5267DF239C5
SHA1:	34A082516AE18127660C7F3A0364BAB38DDCF726
SHA-256:	425760457A88F9D7F7B36DC8B66F073AF6EF7C02AB800F3E7C2D6162C7B1898C
SHA-512:	51425C9218826FC4F828DD512B92ED56277F08227BAEE0E2938FE7BFA82FC2A952738273DED8E285D91BE034044A6452E00B9F2DACA9ED1C5ECF26ED6FF990E0
Malicious:	false
Reputation:	low
Preview:	2021/07/22-11:18:38.030 a54 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/MANIFEST-000001.2021/07/22-11:18:38.031 a54 Recovering log #3.2021/07/22-11:18:38.032 a54 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.230123096178061
Encrypted:	false
SSDEEP:	12:tIkva5KkkGHArqiuFUtpdIaZ/PdI95f5KkkGHArq2J:txa5KkkGgCg718f5KkkGg7
MD5:	B9F4D61489C81296CA8563B5FB80FD2B
SHA1:	1BF5C0DBC9107C2B2947A70793723F148747CDA6
SHA-256:	DBAC2BDDD9872C042751DB75053BC845E6AC5946794F08D7FC059F925BFA9067
SHA-512:	433D049A64194BB0446D696EA7AD266008D1FC17C57CD38481884B0C774B8431908C60EF1B0735E86B2205A27D523643BB64859D44E5E63A890F0A46DA9A17B0
Malicious:	false
Reputation:	low
Preview:	2021/07/22-11:18:38.030 1754 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/MANIFEST-000001.2021/07/22-11:18:38.031 1754 Recovering log #3.2021/07/22-11:18:38.032 1754 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5l:5l
MD5:	E556F26DF3E95C19DBAECA8F5DF0C341
SHA1:	247A89F0557FC3666B5173833DB198B188F3AA2E
SHA-256:	B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3
SHA-512:	055BC4AB12FEEDF3245EAAF0A0109036909C44E3B69916F8A01E6C8459785317FE75CA6B28F8B339316FC2310D3E5392CD15DBDB0F84016667F304D377444E2E
Malicious:	false
Reputation:	low
Preview:	..&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	415
Entropy (8bit):	5.216431120938226
Encrypted:	false
SSDEEP:	12:tcDM+va5KkkGHArAFUtpdyg/PdyuDMV5f5KkkGHArfJ:tcDda5KkkGgkg7yUZD2f5KkkGgV
MD5:	98667135D45CE5A13C4E81195BE50F2E
SHA1:	C16C4E3D2797776EF0EB74A1BCE02BE1E92D17F5
SHA-256:	D3F1C532D6CF9174837F70C68F38345054E99FF8EEE71315F1DA5FB8A022CDDB
SHA-512:	FB6EB5159222548FA5F178E425B2D9FE5D670F2E633C367A660732AD15B3500CEC53F38883AA6BB2B66543D854123942D992BC451C93FF7327533D9905702F52
Malicious:	false
Reputation:	low
Preview:	2021/07/22-11:18:53.516 78c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/MANIFEST-000001.2021/07/22-11:18:53.518 78c Recovering log #3.2021/07/22-11:18:53.519 78c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	38
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:sgGg:st
MD5:	45A8ECA4E5C4A6B1395080C1B728B6C9
SHA1:	8A97BB0E599775D9A10C0FC53C4EDB29AA4CEB4E
SHA-256:	DB320AB28DFF27CDA0A7F87B82F2F8E61B3178A6DE8503753D76F1172D32E08E
SHA-512:	8EE91A3A1E77459273553F6A776C423A8EE95DB9DCFA897771814B7AD13FD84F06BB2B859F22B6DDA384B39EAA91F1819F170BABED6DA16BDBCF5BCB06CF2124
Malicious:	false
Reputation:	low
Preview:	..F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	321
Entropy (8bit):	5.275242179396331
Encrypted:	false
SSDEEP:	6:mUqSVq2PWXp+N23iKKdKpIFUtpdESgZmwPdujwIkwOWXp+N23iKKdKa/WLJ:tqOva5KkmFUtpdA/Pdi5f5KkaUJ
MD5:	E365D80D552953CF3C0676890B4B0D12
SHA1:	05A37A8A7E6E2BBC6D4934B49C99C6E37662431F
SHA-256:	39E59418CC1F3AB7AA2430CF6359078DF035F41A8D69DF1C0C5CF3A426862547
SHA-512:	7D4FA1900F4EB3DECBFFA1C2D2F9F41F1EC8484DF51A2C7E69FB50AB636BF2BD8BCD7BDD029DAA50C4E6ECE22DF2971CE50B4D584771565BB72336874EA8DCA3
Malicious:	false
Reputation:	low
Preview:	2021/07/22-11:18:25.033 6d4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2021/07/22-11:18:25.035 6d4 Recovering log #3.2021/07/22-11:18:25.037 6d4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	399
Entropy (8bit):	5.34427260067099
Encrypted:	false
SSDEEP:	12:t8DM+va5KkkOrsFUtpdrg/PdaDMV5f5KkkOrzJ:t8Dda5Kk+g7rUaD2f5Kkn
MD5:	540E4B87F26EC19A97BB84D94FD24EF8
SHA1:	B1F428038688935CBF6BBB371E5518245D917EAB
SHA-256:	9C57A11BF511FDBFB9AA88A961A13F58934546751CC12519FCF32ED3504668FD
SHA-512:	59AEE3F69C0BEA9874272A1F4204499E7170B7A18FB99D6BC9C1102600EBF9CACD952B2998F0EEE0ADC2CB0B8A53F3DB8FDEBA3A5AC74A493D9F8E3470CA71A6
Malicious:	false
Reputation:	low
Preview:	2021/07/22-11:18:41.492 78c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/MANIFEST-000001.2021/07/22-11:18:41.493 78c Recovering log #3.2021/07/22-11:18:41.494 78c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	12
Entropy (8bit):	3.188721875540867
Encrypted:	false
SSDEEP:	3:eH/nTn:Y/T
MD5:	1C0DCF71BA310FD63229897F7350425F
SHA1:	BFE4178058E573A54072026B7EF98CA6653D4E79
SHA-256:	F3E8F9D22A46EF2EF357CD7D78AD14643B0E4A2F2010346304F89C8DC4EE590F
SHA-512:	E99312DF86DA10709F130644CE6B33257F7DAE95DABE355E6801189CBBB42969BEB7B615D30D5A32543F2DA9161B1243FB1BE6D126F46E579C517D736A6BCB00
Malicious:	false
Reputation:	low
Preview:	......q.!.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\abf4a563-2dcb-4c6b-90a6-a62e11f66c20.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	2042
Entropy (8bit):	4.888107187075314
Encrypted:	false
SSDEEP:	48:Y2TntwCXGDHz5siTsvRLsUtUx+4svDsiyKsk3gYhbD:JTnOCXGDHzpC1yx+vvtxhH
MD5:	235378E1E25C77ACCCA42A4F1CD48CF1
SHA1:	F63FD5A6DFCFBC505AF3339DDD277B6F542E3B58
SHA-256:	B2C71ACFDFC884F7B758BD7F8AED35349C8B3BF6951825CFC84ADB0E947B34C1
SHA-512:	04840A32ADEE2CD0B94014ED48CEA88EDF8C037B8817D508EA5BB492839B13231419ACFAB7946A738AA5EEE113B23EB7073C85DEF7E23E7B986159CE1179D099
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://play.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13274043508337469","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://redirector.gvt1.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13274043508349399","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","suppo

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Rv:1qIFJ
MD5:	6752A1D65B201C13B62EA44016EB221F
SHA1:	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
SHA-256:	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
SHA-512:	9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
Malicious:	false
Reputation:	low
Preview:	MANIFEST-000004.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	139
Entropy (8bit):	4.5670447861713495
Encrypted:	false
SSDEEP:	3:tUKIKtjWTuoo1Zmwv32KtjcRLZSV8s2KtjcRLZSWGv:mUJ1ZmwPdJuSVvdJuStv
MD5:	7E71187AA741A1CBD98E345D890EA78F
SHA1:	FC60608EBA68FEA16D1DAFB9F28A1198197A6732
SHA-256:	32CEC53344DD76D249D7BBF8F81BCF245C757362CCD3B00C8757AD00143F2705
SHA-512:	51C62763A44A77DA967E31DE5A128241EE0FED0804A2C6E889C4177216F4075E69C53AC4D044CEA5CB24E6DF3B6AC56C5D9824CE03FDE452EC8D889671D7353A
Malicious:	false
Reputation:	low
Preview:	2021/07/22-11:18:37.236 1adc Recovering log #3.2021/07/22-11:18:37.294 1adc Delete type=0 #3.2021/07/22-11:18:37.294 1adc Delete type=3 #2.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MPEG-4 LOAS
Category:	dropped
Size (bytes):	50
Entropy (8bit):	5.028758439731456
Encrypted:	false
SSDEEP:	3:Ukk/vxQRDKIVmt+8jzn:oO7t8n
MD5:	031D6D1E28FE41A9BDCBD8A21DA92DF1
SHA1:	38CEE81CB035A60A23D6E045E5D72116F2A58683
SHA-256:	B51BC53F3C43A5B800A723623C4E56A836367D6E2787C57D71184DF5D24151DA
SHA-512:	E994CD3A8EE3E3CF6304C33DF5B7D6CC8207E0C08D568925AFA9D46D42F6F1A5BDD7261F0FD1FCDF4DF1A173EF4E159EE1DE8125E54EFEE488A1220CE85AF904
Malicious:	false
Reputation:	low
Preview:	V........leveldb.BytewiseComparator...#...........

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ecac80db-be0f-4587-9028-c189b3fe43a1.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22596
Entropy (8bit):	5.535945062129135
Encrypted:	false
SSDEEP:	384:r3jthLl7nX91kXqKf/pUZNCgVLH2HfDarUIHGgnTjW2g4/:/Llj91kXqKf/pUZNCgVLH2Hf2rU8GgnD
MD5:	8685A8646FBFF78FCF03BBC8E9EFDDAD
SHA1:	AC11F6F10A0846F746C9D41C3CCBC96E261A375B
SHA-256:	42AB6D35DA9E1A45BF0B0B2D3210EF65CA2CD7198E64CF6DF218910F58A0E3FE
SHA-512:	39AD1599629387466D4041D3BA57D12DA018925CB17F836ECEA5169EF4802B10C59020BEB328C2578E1D35CCF345C85FA6469FFA8B1ED51EC2CEBF649EB63ED2
Malicious:	false
Reputation:	low
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13271451505052454","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f895942c-12b5-4c1b-a92b-6c6441eb2fb7.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5118
Entropy (8bit):	4.982228499358541
Encrypted:	false
SSDEEP:	96:ngCzoXMpcKIeTok0JCKL8C0kr1hbOTQVuwn:ngCCMpcp4KF0krz
MD5:	2AD4F9A4D2EFDB30CDB759AFF811E23B
SHA1:	7038029078B573B8F7E3EA1BAF9AAE0713D2D314
SHA-256:	84AFF6B5E331C46D9A80569492C2AB9DFA485BF12C1B55FD972AC6E7631029BC
SHA-512:	530D59345E5DA431566DEB1EA90553E0AA204F55FA6A10E3261F2576B83D1A12E983E8D075F98CD217AC24E453481ED405DE871619629A9B069C627FDEDA474A
Malicious:	false
Reputation:	low
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13271451505333490","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245951485614034","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245951692116406","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","7355378"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f89d9fe9-97c8-4aae-9670-e11b2549bffe.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1039
Entropy (8bit):	5.564402759515832
Encrypted:	false
SSDEEP:	24:YI6H0UhVsTG1KUerkq/HeUeXby2qUeXvvs7wUeXV2RUenHQ:YI6UUhVseKUewqPeUer2Uefv6wUe4Uew
MD5:	3DF1B3BEF5A49D1DBE3CEFF6A9991476
SHA1:	3B992D7536B4590364EC2D5448345766D5AC2121
SHA-256:	DFCB59090D8709281A473B3619206313F337C7C807E7B4C6426B989A468EDA7B
SHA-512:	184A20E9E1326D7634EF9FEF14CA59CFB14DB422A7D5E6753ED1AC0F83CC0C7A66DC5CA3A8C79FC6415344F820DBACDF003EAF46DCB00291CD06F5E480BABF8C
Malicious:	false
Reputation:	low
Preview:	{"expect_ct":[],"sts":[{"expiry":1633014077.350499,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601478077.350503},{"expiry":1633014077.22511,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478077.225114},{"expiry":1633014092.4175,"host":"0J7rAWV0ouCFYJ9XrkDiKnAO1SshXJmLJE1SS3V8kDM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478092.417504},{"expiry":1633014091.91938,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478091.919383},{"expiry":1633014091.875486,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601478091.875498},{"expiry":1633014077.462534,"host":"+ccWXqaoHJ9hfuXbleKV6FQUrBlyXAJ31BdqjNQJpHs=","mode":"force-https","sts_include_subdomains":false,"sts_obs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\febcbcaa-53c9-483f-a014-d5398697b3ac.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Reputation:	low
Preview:	.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	338
Entropy (8bit):	5.198903153556896
Encrypted:	false
SSDEEP:	6:mUzq2PWXp+N23iKKdKfrzAdIFUtpdORYZmwPdZakwOWXp+N23iKKdKfrzILJ:tzva5Kk9FUtpdORY/Pd45f5Kk2J
MD5:	61B15E0042AA72CD53971DA6B721F8D3
SHA1:	421627AF58AB80BC906160FF259541A91CF700B9
SHA-256:	A82F0002BB1C7BEF0C4A364857CBA0EF2831EF98F9D04CBEA3ABA724BBA0A1DB
SHA-512:	4CD934E0098EEE1F4678CA020E32CB25A013D01555CEEFDE8F4D44012E607E0C289A5D92E0B7B774CCDFCC8CAE230D3607CC71BE61436A79D99DA4B7DA12CB0B
Malicious:	false
Reputation:	low
Preview:	2021/07/22-11:18:37.746 1410 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2021/07/22-11:18:37.747 1410 Recovering log #3.2021/07/22-11:18:37.748 1410 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	106
Entropy (8bit):	3.138546519832722
Encrypted:	false
SSDEEP:	3:tbloIlrJ5ldQxl7aXVdJiG6R0RlAl:tbdlrnQxZaHIGi0R6l
MD5:	DE9EF0C5BCC012A3A1131988DEE272D8
SHA1:	FA9CCBDC969AC9E1474FCE773234B28D50951CD8
SHA-256:	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
SHA-512:	CEA946EBEADFE6BE65E33EDFF6C68953A84EC2E2410884E12F406CAC1E6C8A0793180433A7EF7CE097B24EA78A1FDBB4E3B3D9CDF1A827AB6FF5605DA3691724
Malicious:	false
Reputation:	low
Preview:	C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e...e.x.e.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	13
Entropy (8bit):	2.8150724101159437
Encrypted:	false
SSDEEP:	3:Yx7:4
MD5:	C422F72BA41F662A919ED0B70E5C3289
SHA1:	AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632
SHA-256:	02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
SHA-512:	86010ED2B2EEBDCC5A8A076B37703669C294C6D1BFAAEA963E26A9C94B81B4C53EC765D9425E5B616159C43923F800A891F9B903659575DF02F8845521F8DC46
Malicious:	false
Reputation:	low
Preview:	85.0.4183.121

C:\Users\user\AppData\Local\Google\Chrome\User Data\af97afd1-f3b0-47db-b095-792cec021635.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	174419
Entropy (8bit):	6.079583284155202
Encrypted:	false
SSDEEP:	3072:Rmi5phUtGnrszca1FLtEnNwi2rIhJxKnNSd/FcbXafIB0u1GOJmA3iuRe:0i5hnrszc0fZI/xKmaqfIlUOoSiuRe
MD5:	F6CFD7E617072926DAEB40D6CF82921B
SHA1:	2955219F701939BB74974E0A0A955BBD133B06F0
SHA-256:	5E9A1BB1B615789AAF2D288699BAB14AD40A96DB5A905CC755408FC177A0D5A8
SHA-512:	216B3ACEACFB28844A58A34CF23549A8FFEC4818B9AC2FE92E523D6B656FBC319635241071501F606EAB5B95DCD8FD9AC0844C500F19794C3DBE382AB317C0B9
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.62697790820285e+12,"network":1.62694551e+12,"ticks":5655503648.0,"uncertainty":4434819.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016607996"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\d4a592ab-6cc9-4dba-8b05-cdc9f58ad1cc.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	modified
Size (bytes):	95428
Entropy (8bit):	3.744993772783407
Encrypted:	false
SSDEEP:	384:5TylNToG/QffVU6pUNZrCvdX3GJTWH3uGa9rYLtNxmnzjirQRmI8aoHZtxCOTTFK:5uKdF+3geL8eLxDv0nLCLKxH9lk
MD5:	2B10FACBE9D8901F2191AE015AD22A60
SHA1:	D53253542A519C1E3EE043B03B1EB7AB9CA53A0E
SHA-256:	73F6DDE2A35F2215234FCF026CC4C225E7AC1DD0DA923D21F2B5CCC6DBD01F66
SHA-512:	80C4F6A472EB6C2CC0D08DD2F55CA4E1C9BCCF8621C969A40E9907A7DE37CB0ABBD24C1C51A2A25FF957FD2FB855E6A89146A4B3C6E9D477742F577F521C803A
Malicious:	false
Reputation:	low
Preview:	.t.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...r@8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\d7fb03be-2d20-4b46-bcc7-d07cccb32499.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	174419
Entropy (8bit):	6.07958195776127
Encrypted:	false
SSDEEP:	3072:dHV5phUtGnrszca1FLtEnNwi2rIhJxKnNSd/FcbXafIB0u1GOJmA3iuRe:lV5hnrszc0fZI/xKmaqfIlUOoSiuRe
MD5:	CCC684297CE4ECC3DBB7D02B18DFA4FF
SHA1:	89DB26FC76FE4D20E82F7C5CCEC86D256A2A29CB
SHA-256:	53C3351D9CEEA7AB6897217832E306E2B7540C724BD9BF8884E10C6CE4589FC4
SHA-512:	4715D72813460E4191F35A7F2209F36C61E1923720B7C4831B42686BAFE21EBDECD5C806B4BB2F3AEAF79B732CEF51626BA255CC5027DC923452304762200842
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.62697790820285e+12,"network":1.62694551e+12,"ticks":5655503648.0,"uncertainty":4434819.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABL95WKt94zTZq03WydzHLcAAAAAAIAAAAAABBmAAAAAQAAIAAAABAL2tyan+lsWtxhoUVdUYrYiwg8iJkppNr2ZbBFie9UAAAAAA6AAAAAAgAAIAAAABDv4gjLq1dOS7lkRG21YVXojnHhsRhNbP8/D1zs78mXMAAAAB045Od5v4BxiFP4bdRYJjDXn4W2fxYqQj2xfYeAnS1vCL4JXAsdfljw4oXIE4R7l0AAAABlt36FqChftM9b7EtaPw98XRX5Y944rq1WsGWcOPFyXOajfBL3GXBUhMXghJbDGb5WCu+JEdxaxLLxaYPp4zeP"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245951016024539"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\eb038a5f-188d-42db-9938-6fcdce268da6.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SysEx File -
Category:	dropped
Size (bytes):	94708
Entropy (8bit):	3.7449757447066054
Encrypted:	false
SSDEEP:	384:JTylNToG/QffVU6pUNZrCvdX3GJTWH3uGa9rYLtNxmnzjirQRmIDoHZtxCOTTFNK:puKdF+3SeL8eLxDv0nLCLKxH9l+
MD5:	0D7E5E781CB955629FDDB386755FFA33
SHA1:	7FB5CD195AD7F5D121FDB957FB6C5DBD05470E0E
SHA-256:	E219DB7F1525D6B2FCEC32B2505AA74EAFF08E4AE5A9C11138335B032FCB393A
SHA-512:	F398298390D6CB17BD4176819E7D80F2222B29E8BB76124196A42D285DF0613D3F088C44D49E0C29241C28CD0E79FCEDDCAFE9870B1587BDFFA19AFDFFB95701
Malicious:	false
Reputation:	low
Preview:	.q.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n...r@8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Temp\25cee67e-8c57-43dc-abad-1579e978f1d2.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Reputation:	low
Preview:	.

C:\Users\user\AppData\Local\Temp\73160617-e393-48e9-b359-df677e59adf5.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Reputation:	low
Preview:	.

C:\Users\user\AppData\Local\Temp\7afbe181-447e-4839-8f4e-80de2aed508a.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	248531
Entropy (8bit):	7.963657412635355
Encrypted:	false
SSDEEP:	3072:r+nmRykNgoldZ8GjJCiUXZSk+QSVh85PxEalRVHmcld9R6yYfEp4ABUGDcaKklrv:k3oF4Z4h45P99Fld9RBQYBVcaxlnfL
MD5:	541F52E24FE1EF9F8E12377A6CCAE0C0
SHA1:	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6
SHA-256:	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
SHA-512:	D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C88
Malicious:	false
Reputation:	low
Preview:	Cr24..............0.."0....H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L\|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.\|1..n.<Fb..f..Q1.....s..2..{.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-eu...b.........\..F!...b...l5....zJ.q.......L].....w[T0.6....E.....r..%Z.vFm.9..5!,.~g5...;.t...']....+A.....u....k...e..&..l.6r[yU...%..f.......N..V.....<+.....l..}.{...z...)y.n..'..).....,.b....5.08K%..O.g..D.S.F5o..<(....>....\f..X..I..2."l...w....7f\|.~.c.4.E.......0..0....H............0.......).'..b.$w\$.q&.]zF_2..;...?.U,...W..L1.2...R..#....W.....c1k.$W..$.J....+M!.Hz.n`U.I)N.\|b.l....{.K@]6.LlP/....](.A..................I...).H....IQ.y.;MG.d..ix..#f.Z$\|..\|.?...0K...t"i..s...Y..%.Ky....0...{.!+.~v.;....J.....Z....).(6..@?v.;~..2..c....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. .0...\|!..A..L.+.=...kP.!.1..

C:\Users\user\AppData\Local\Temp\browser-sslkeys.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	9530
Entropy (8bit):	4.651533197918839
Encrypted:	false
SSDEEP:	192:0P0euXTNnulgmmS0xqzWFmz+mYmb7mNmk:08pTNulTOW6o+Je7k/
MD5:	E44C4F4F0A49E1D304C6F83EC568A4AE
SHA1:	D02A970F25D0AC28A9E48768700E3ED24860F1E4
SHA-256:	7EB441C9068318D10F5CAFE1783CB04196793F383D0010C18367F7E01BE4C6EC
SHA-512:	6B1375EEAECA8597FC77C98C0ACA462BC7F8F56F101EF85471B551E2AB4E80D131542B348EBE1ED306DA644E9E0D8105C9D2A59938C6EB6E964C9D04BC33CEE2
Malicious:	false
Reputation:	low
Preview:	CLIENT_HANDSHAKE_TRAFFIC_SECRET 0cff54a943803f59fd059d5c9a5cb3efb21eb3573c6de1a40b884eec9458452d 310ab200c25526d697d88f73599a1627a36f49dfd52f424b719f32b13c8d31f9.SERVER_HANDSHAKE_TRAFFIC_SECRET 0cff54a943803f59fd059d5c9a5cb3efb21eb3573c6de1a40b884eec9458452d c7ee9fcedf0685683d6d8214d794973025edbddba0f23154e6137348207d366d.CLIENT_HANDSHAKE_TRAFFIC_SECRET 625adf851aba9da754d612eb5b4ad006dd96c45a13794d1b759f492f93e2ee97 39322455b2cf8cc285b0a350ef87d15d2162c32be7c7ca60bb5d82050e84e2cd.SERVER_HANDSHAKE_TRAFFIC_SECRET 625adf851aba9da754d612eb5b4ad006dd96c45a13794d1b759f492f93e2ee97 9c040808d86325d2d8a28f6b767a41bad9805b9d01b83ea0f1edf072e9e7d58a.CLIENT_HANDSHAKE_TRAFFIC_SECRET ae5c7e3aa844deed533f3a26926274db9bb2a9096dbca0e69264e9b816a143db 48a345d4622785c755b5144cd6513dbed2bc244b43e65cbf1b554d641e30a4f4.SERVER_HANDSHAKE_TRAFFIC_SECRET ae5c7e3aa844deed533f3a26926274db9bb2a9096dbca0e69264e9b816a143db fda78eae8e0c8b9cac1090c01761a79960542e8e05a199af8783abc99d3294c6.CLIENT_TRAFFIC_SECRET_0 ae5c

C:\Users\user\AppData\Local\Temp\ec971ba0-bf00-4cd3-8b3e-331304dd1211.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	768843
Entropy (8bit):	7.992932603402907
Encrypted:	true
SSDEEP:	12288:cK2ED9wjXNC1Gse83ru82/u0eKhgxuPFrDXgtbPz54Pm1D0fBmfH1sBrJ9mTiDga:cK2ED9I48seur0/uZKCuPNbgtbz6m1ob
MD5:	A11D5CAF6BF849AEB84B0C95B1C3B7CF
SHA1:	27F410CCBD75852C01C7464A1FD7EF8C29BE3916
SHA-256:	D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
SHA-512:	086C124DE3A01BE467647F3BCB4EA05105F690AB45417A0E3D38935ABA9E2381DF59AF98D0FFF7823CEFD5390B48807352E135AC70977AED7B413A8CC48FB590
Malicious:	false
Reputation:	low
Preview:	Cr24..............0.."0....H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L\|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.\|1..n.<Fb..f..Q1.....s..2..{.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-eu...b.........6W..>Nuw9..R{c...Nq.H.K..A!....`v.k+..?.5.>v.....;.._~....tp....x.q.V...7.m.O.~.{!.o/q.'..BK..4./?'.....L..fH&.._<..&.p.k^..\s...:1y..F.N.+...X.PO@Mo....X.G1:..Y.@;..j..........=ae...0.......DU....n...n.;.Ipr..Q....:... <.....a.Y....{ei........0..0....H............0.......Mbh=.[O}.+..U.KHF(n3.\"...,g.c...6)..(.E...U...#.i.a..:...N.....P...x.O...(mC;\|.5.S.{m.aEx...[..fP.i`.y..5..R....v.$......l-m.............m....ni...`..W.....R.p.b.+...+.\k.R$e~.J\.&c%.d...M..j..V.%...+1F....D....X\.1ct.<........E.B.+.i@...8..^...&YR...I.o...,.....[0Y0....H.=....*.H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. D.'.N@.(..GK....m...A.0.."

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\7afbe181-447e-4839-8f4e-80de2aed508a.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Google Chrome extension, version 3
Category:	dropped
Size (bytes):	248531
Entropy (8bit):	7.963657412635355
Encrypted:	false
SSDEEP:	3072:r+nmRykNgoldZ8GjJCiUXZSk+QSVh85PxEalRVHmcld9R6yYfEp4ABUGDcaKklrv:k3oF4Z4h45P99Fld9RBQYBVcaxlnfL
MD5:	541F52E24FE1EF9F8E12377A6CCAE0C0
SHA1:	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6
SHA-256:	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
SHA-512:	D779D78A15C5EFCA51EBD6B96A7CCB6D718741BDF7D9A37F53B2EB4B98AA1A78BC4CFA57D6E763AAB97276C8F9088940AC0476690D4D46023FF4BF52F3326C88
Malicious:	false
Reputation:	low
Preview:	Cr24..............0.."0....H.............0...........\7c.<........Fto.8.2'5..qk...%....2...C.F.9.#..e.xQ.......[...L\|....3>/....u.:T.7...(.yM...?V.<?........1.a...O?d.....A.H..'.MpB..T.m..Vn Ip..>k.\|1..n.<Fb..f..Q1.....s..2..{.6....Pp....obM..1.......b1.......(.u^.'z......v.F.W.X4."-eu...b.........\..F!...b...l5....zJ.q.......L].....w[T0.6....E.....r..%Z.vFm.9..5!,.~g5...;.t...']....+A.....u....k...e..&..l.6r[yU...%..f.......N..V.....<+.....l..}.{...z...)y.n..'..).....,.b....5.08K%..O.g..D.S.F5o..<(....>....\f..X..I..2."l...w....7f\|.~.c.4.E.......0..0....H............0.......).'..b.$w\$.q&.]zF_2..;...?.U,...W..L1.2...R..#....W.....c1k.$W..$.J....+M!.Hz.n`U.I)N.\|b.l....{.K@]6.LlP/....](.A..................I...).H....IQ.y.;MG.d..ix..#f.Z$\|..\|.?...0K...t"i..s...Y..%.Ky....0...{.!+.~v.;....J.....Z....).(6..@?v.;~..2..c....[0Y0....H.=.....H.=....B..............r...2..+Y.I...k..bR.j5Sl..8.......H"i.-l..`.Q.{...F0D. .0...\|!..A..L.+.=...kP.!.1..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\bg\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	796
Entropy (8bit):	4.864931792423268
Encrypted:	false
SSDEEP:	12:1HEJMLkSlwZGGMLkSlwZ+WYpU34f145Gb+dgoxTyO8ZpU34f1L0frhmJ03OyZnLt:1HE7n4gn8WYpYrbhz8ZpotHOGAOf6aD
MD5:	6F8E288A9AD5B1ED8633B430E2B4D4CA
SHA1:	F671D3D4BEFA431D1946D706F4192D44E29B6F08
SHA-256:	A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
SHA-512:	0F87F3F0D115B872288949E59ACD3CD41B1FBC64A622D8FDA6D71FAFC5A900D92ADFBB0E7EB926F2A8759BBAA0896D48728FB719BBF5EF54AC21027328F7700C
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "........ . ... ........ .. Chrome".. },.. "app_name": {.. "message": "........ . ... ........ .. Chrome".. },.. "craw_app_unavailable": {.. "message": "........... .... ...... .. .............".. },.. "craw_connect_to_network": {.. "message": "...., ........ .. . ......".. },.. "iap_unavailable": {.. "message": "........... .... ...... .. .......... ....... .. .........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "...., ...... . Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\ca\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	675
Entropy (8bit):	4.536753193530313
Encrypted:	false
SSDEEP:	12:1HEJ0gbbGG0gbb+WYpU34g3YbiLO+dgyGFoO8ZpU34+puiPmb03OyZnLAOfTYABk:1HE5baib6WYpm31Lt0Z8Zp8pxOGAOfKD
MD5:	1FDAFC926391BD580B655FBAF46ED260
SHA1:	C95743C3F43B2B099FEBEBC5BD850F0C20E820AC
SHA-256:	C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
SHA-512:	39D95D45C5746DA3BAA7AE6A3344EA17D7A7C3569C2A56959FF119261DA08C747A320FCF701AC72B8DBDBF8BF06FD8B239017A282CDDA444F3826D4EC672CBB4
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "Sistema de pagaments de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagaments de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Ara mateix aquesta aplicaci. no est. disponible.".. },.. "craw_connect_to_network": {.. "message": "Connecteu-vos a una xarxa.".. },.. "iap_unavailable": {.. "message": "La funci. Pagaments a l'aplicaci. no est. disponible actualment.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Inicieu la sessi. a Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\cs\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	641
Entropy (8bit):	4.698608127109193
Encrypted:	false
SSDEEP:	12:1HEJfZGGfZ+WYpU34OBh+dgN/O8ZpU34j05U03OyZnLAOfTYWc:1HEl4G8WYpdt8Zpq5TOGAOfW
MD5:	76DEC64ED1556180B452A13C83171883
SHA1:	CFB1E56FD587BCDC459C1D9A683B71F9849058F9
SHA-256:	32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
SHA-512:	5230A217968D5DC463E2E92D704544311A721E5CEF65C3125CBD8DEB9C0293D3BFB5C820A6011ABF77095FDEE7DAF67D541DC202B0C9CDB0908CBB85D84885CB
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "app_name": {.. "message": "Platby Internetov.ho obchodu Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplikace v sou.asn. dob. nen. dostupn..".. },.. "craw_connect_to_network": {.. "message": "P.ipojte se pros.m k s.ti.".. },.. "iap_unavailable": {.. "message": "Platby v aplikaci aktu.ln. nejsou k dispozici.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "P.ihlaste se do Chromu.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\da\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	624
Entropy (8bit):	4.5289746475384565
Encrypted:	false
SSDEEP:	12:1HEJJMKKFZGGJMKKFZ+WYpU34OHu+dgxlCZO8ZpU34J4Wu03OyZnLAOfTYzD:1HErMKfqMKVWYpM6lL8ZpDNOGAOfiD
MD5:	238B97A36E411E42FF37CEFAF2927ED1
SHA1:	4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0
SHA-256:	4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
SHA-512:	FD0742D47B5F5AB9AAD9B4C3D57F63CB693E060EECE123A72036C6E92156D099495C7E9E9CC6DC83EEBCDDCC4B4C81FB47E4C9559DA3EBA024780FFF10C53E0A
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "Betalinger i Chrome Webshop".. },.. "app_name": {.. "message": "Betalinger i Chrome Webshop".. },.. "craw_app_unavailable": {.. "message": "Appen er ikke tilg.ngelig i .jeblikket.".. },.. "craw_connect_to_network": {.. "message": "Opret forbindelse til et netv.rk.".. },.. "iap_unavailable": {.. "message": "Betaling i appen er ikke tilg.ngelig i .jeblikket.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Log ind p. Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\de\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	651
Entropy (8bit):	4.583694000020627
Encrypted:	false
SSDEEP:	12:1HEJQ1ZGGQ1Z+WYpU34pCEMT+dgJMlCTO8ZpU34p6FK603OyZnLAOfTYJ6K:1HEzWWYp3Bewv8Zp7k4OGAOfQj
MD5:	6B3E916E8C1991AA0453CBA00FEDCAAA
SHA1:	D6366D15912E40CA107FD42BFE9579C3336A51F9
SHA-256:	A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
SHA-512:	87EA4311B61F29543B13F3E17DFA919D0C320B4FE370CC152E0B1514BCA79B0ABB526DDCF08621D6EBFA48923EE8FB4C667EFB120A72BD9583EEBEE7BFB80552
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "Chrome Web Store-Zahlungen".. },.. "app_name": {.. "message": "Chrome Web Store-Zahlungen".. },.. "craw_app_unavailable": {.. "message": "Die App ist momentan nicht verf.gbar.".. },.. "craw_connect_to_network": {.. "message": "Bitte stellen Sie eine Verbindung zu einem Netzwerk her.".. },.. "iap_unavailable": {.. "message": "In-App-Zahlungen sind momentan nicht m.glich.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Bitte melden Sie sich in Chrome an.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\el\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	787
Entropy (8bit):	4.973349962793468
Encrypted:	false
SSDEEP:	24:1HEw+aZ+6WYpbWZe80A08ZpCGyDVWlOGAOf+XD:WguYpCZnpEZbGoD
MD5:	05C437A322C1148B5F78B2F341339147
SHA1:	AB53003A678E44A170E73711FBD9949833BBF3AA
SHA-256:	A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
SHA-512:	C36CB9202A34356DD06D377E2A088F428D0B8EBE7D2E54F8380485E9D94A0598D7F651C1E7A2FD55BE481D49C02B0812F2BA335E08611EC85EE0BD60784A6B40
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "........ ... Chrome Web Store".. },.. "app_name": {.. "message": "........ ... Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": ". ........ .... .. ..... ... ..... ..........".. },.. "craw_connect_to_network": {.. "message": ".......... .. ... .......".. },.. "iap_unavailable": {.. "message": ".. ........ ..... ......... ... ..... ..... .. ...... ...........".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": ".......... ... Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\en\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	593
Entropy (8bit):	4.483686991119526
Encrypted:	false
SSDEEP:	12:1HEJ6GG6+WYpU34OuFpR+dgGfFZO8ZpU34aEGFpR03OyZnLAOfTYdD:1HEVSWYpVp0JS8Zp5KpaOGAOfuD
MD5:	91F5BC87FD478A007EC68C4E8ADF11AC
SHA1:	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6
SHA-256:	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
SHA-512:	FDC2A29B04E67DDBBD8FB6E8D2443E46BADCB2B2FB3A850BBD6198CDCCC32EE0BD8A9769D929FEEFE84D1015145E6664AB5FEA114DF5A864CF963BF98A65FFD9
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "Chrome Web Store Payments".. },.. "app_name": {.. "message": "Chrome Web Store Payments".. },.. "craw_app_unavailable": {.. "message": "App currently unavailable.".. },.. "craw_connect_to_network": {.. "message": "Please connect to a network.".. },.. "iap_unavailable": {.. "message": "In-App Payments is currently unavailable.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Please sign into Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\en_GB\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	593
Entropy (8bit):	4.483686991119526
Encrypted:	false
SSDEEP:	12:1HEJ6GG6+WYpU34OuFpR+dgGfFZO8ZpU34aEGFpR03OyZnLAOfTYdD:1HEVSWYpVp0JS8Zp5KpaOGAOfuD
MD5:	91F5BC87FD478A007EC68C4E8ADF11AC
SHA1:	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6
SHA-256:	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
SHA-512:	FDC2A29B04E67DDBBD8FB6E8D2443E46BADCB2B2FB3A850BBD6198CDCCC32EE0BD8A9769D929FEEFE84D1015145E6664AB5FEA114DF5A864CF963BF98A65FFD9
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "Chrome Web Store Payments".. },.. "app_name": {.. "message": "Chrome Web Store Payments".. },.. "craw_app_unavailable": {.. "message": "App currently unavailable.".. },.. "craw_connect_to_network": {.. "message": "Please connect to a network.".. },.. "iap_unavailable": {.. "message": "In-App Payments is currently unavailable.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Please sign into Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\es\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	661
Entropy (8bit):	4.450938335136508
Encrypted:	false
SSDEEP:	12:1HEJHlbGGHlb+WYpU34ubdDH+dgxbFxTO8ZpU34lPbdlVo03OyZnLAOfTY6xjD:1HEvaC6WYpcDeEFxq8ZpNl5OGAOffD
MD5:	82719BD3999AD66193A9B0BB525F97CD
SHA1:	41194D511F1ACC16C1CA828AC81C18C8C6B47287
SHA-256:	4DB9B2721E625C18B9E05C04B31AF5D9694712F1CAAF6219ABE34BB08E5DB1C7
SHA-512:	D4C49B43427799B6292CEED11CACB1D76F7CE43EBF402B43B638A6EB2B414ED0981E386CB8CDF0B51D1BD9552934FE25B2F6392266BB73D8C9A691F65BCE0128
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Esta aplicaci.n no est. disponible en este momento.".. },.. "craw_connect_to_network": {.. "message": "Con.ctate a una red.".. },.. "iap_unavailable": {.. "message": "Los pagos en la aplicaci.n no est.n disponibles en este momento.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Inicia sesi.n en Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\es_419\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	637
Entropy (8bit):	4.47253983486615
Encrypted:	false
SSDEEP:	12:1HEJHlbGGHlb+WYpU34ubdDH+dgxbFxTO8ZpU34GLO03OyZnLAOfTYiJD:1HEvaC6WYpcDeEFxq8Zp4LlOGAOfvD
MD5:	6B2583D8D1C147E36A69A88009CBEBC7
SHA1:	4D4DEEB4BE6AA0181825F3371A761ABC5B4D5937
SHA-256:	6659BC3705311D7641A73995DCFEA80C7734F2F4EBBC3787B3892A240348324F
SHA-512:	37F0DBFCC1B5A2B8E4C92C49D2D9DEEF25616421350324F57E0149A45A6CCB437F5E3CBE97412C4B5DBBF2593783C7DF71E9C25A851AEAE6E4764C545723FA53
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "app_name": {.. "message": "Sistema de pagos de Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Esta aplicaci.n no est. disponible en este momento.".. },.. "craw_connect_to_network": {.. "message": "Con.ctate a una red.".. },.. "iap_unavailable": {.. "message": "En este momento, Pagos En-Apps no est. disponible.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Accede a Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\et\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	595
Entropy (8bit):	4.467205425399467
Encrypted:	false
SSDEEP:	12:1HEJfPGGGfPG+WYpU34Ze7z+dgrW9O8ZpU34ZwZz03OyZnLAOfTYgoLIR:1HEdvqlWYpTeObk8ZpT/OGAOfuLIR
MD5:	CFF6CB76EC724B17C1BC920726CB35A7
SHA1:	14ED068251D65A840F00C05409D705259D329FFC
SHA-256:	C85800BF45942FCC7FD6B1DF929C25F9CC2A977A6678966BD03D4B6B69889AFD
SHA-512:	53D7D01BB30C0306DE65A79FD9551D2E8C1F71F4F45F71906B009071CB3E0F231E6A50FDD78773E9B4DE94085BC7B97F829842FA21A89A2080D33458B745C46F
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "Chrome'i veebipoe maksed".. },.. "app_name": {.. "message": "Chrome'i veebipoe maksed".. },.. "craw_app_unavailable": {.. "message": "Rakendus pole praegu saadaval.".. },.. "craw_connect_to_network": {.. "message": "Looge .hendus v.rguga.".. },.. "iap_unavailable": {.. "message": "Rakendusesisesed maksed ei ole praegu saadaval.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Logige Chrome'i sisse.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\fi\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	647
Entropy (8bit):	4.595421267152647
Encrypted:	false
SSDEEP:	12:1HEJRuzGGRuz+WYpU34ujSBu+dgYO8ZpU34J+Bu03OyZnLAOfTY5HN:1HEFcWYpPNa8ZpD+FOGAOfEHN
MD5:	3A01FEE829445C482D1721FF63153D16
SHA1:	F3EAAADDC03F943FC88B30B67F534AA13E3336DD
SHA-256:	0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
SHA-512:	3B92B6C86D30FD36AA3CEFF8773BA60C3FC5CC19C693540137044C5838A5503895C770C0336A4D0A3DB5E42F3FB36274D8D3F85B9DCA2F3EC0E974FDDB0BEAD8
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "Chrome Web Storen maksut".. },.. "app_name": {.. "message": "Chrome Web Storen maksut".. },.. "craw_app_unavailable": {.. "message": "Sovellus ei ole t.ll. hetkell. k.ytett.viss..".. },.. "craw_connect_to_network": {.. "message": "Muodosta verkkoyhteys.".. },.. "iap_unavailable": {.. "message": "Sovelluksen sis.iset maksut eiv.t ole t.ll. hetkell. k.ytett.viss..".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Kirjaudu sis..n Chromeen.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\fil\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	658
Entropy (8bit):	4.5231229502550745
Encrypted:	false
SSDEEP:	12:1HEJADlbGGADlb+WYpU34hTUT+dgHfZAFFZO8ZpU34hTjzeT03OyZnLAOfTYHfvF:1HEYah6WYp7TUSoxOS8Zp7TOsOGAOfqV
MD5:	57AF5B654270A945BDA8053A83353A06
SHA1:	EEEF7A4F869F97CF471A05D345E74F982D15E167
SHA-256:	EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
SHA-512:	5F0AE839FCF3F4EA48FF41A76655AE0F3821564AFD5D42FBB9FBB9A38E8D8F7BB5E9B6F71064588CD441261F644095A44A755C134CE546D506D9A21E488BAF52
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "Mga Pagbabayad sa Chrome Web Store".. },.. "app_name": {.. "message": "Mga Pagbabayad sa Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "Kasalukuyang hindi available ang app.".. },.. "craw_connect_to_network": {.. "message": "Mangyaring kumonekta sa isang network.".. },.. "iap_unavailable": {.. "message": "Kasalukuyang hindi available ang Mga Pagbabayad na In-App.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Mangyaring mag-sign in sa Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\fr\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	677
Entropy (8bit):	4.552569602149629
Encrypted:	false
SSDEEP:	12:1HEJALf/nbGGALf/nb+WYpU34Owdgbyb+dgdQjO8ZpU34ITQpGnbyb03OyZnLAO8:1HE4Hna1Hn6WYpNdgpY8ZpSTQwnBOGAh
MD5:	8D11C90F44A6585B57B933AB38D1FFF8
SHA1:	3F9D44EA8807069A32AACA2AAAD02FD892E6CC90
SHA-256:	599491F8C52B945C16C441ADF45BFD45AFAE046DA07757D97C56AF4DE75ED3B5
SHA-512:	D7EF7F5AD7EF1A1595825D79B69E2B1E988AD3CF1F3881496FCCD30F241E4E9C6E457F9F5D0F855DE3536DB7A40C3E1C55946B50D3F556F4A35285066A0CD6F7
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "Paiements via le Chrome.Web.Store".. },.. "app_name": {.. "message": "Paiements via le Chrome.Web.Store".. },.. "craw_app_unavailable": {.. "message": "Application indisponible pour le moment.".. },.. "craw_connect_to_network": {.. "message": "Veuillez vous connecter . un r.seau.".. },.. "iap_unavailable": {.. "message": "Les paiements via l'application ne sont pas disponibles pour le moment.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Veuillez vous connecter . Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\hi\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	835
Entropy (8bit):	4.791154467711985
Encrypted:	false
SSDEEP:	24:1HEs07J0JWYp9vnCSVLP8Zp6CsOGAOf8SLm:Wh7qgYp1CMLUph1GiSLm
MD5:	E376D757C8FD66AC70A7D2D49760B94E
SHA1:	1525C5B1312D409604F097768503298EC440CC4D
SHA-256:	8106D98C4F8DA16DB698444409558E29CC96735E188BFA303C333A5D99231C1D
SHA-512:	673F3F259AF2946E4F49BBED14A2A70D44BF9FDA9D7A71DC9172BA9B7B3C7F7062B16D29682B638D485B0520ED6F99E7A735F28C7C719B539559005B69FA7555
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "Chrome ... ..... ......".. },.. "app_name": {.. "message": "Chrome ... ..... ......".. },.. "craw_app_unavailable": {.. "message": "......... .. ... ...... .... ...".. },.. "craw_connect_to_network": {.. "message": "..... ....... .. ...... .....".. },.. "iap_unavailable": {.. "message": "..-.. ...... ... ...... .... ...".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "..... Chrome ... .... .. .....".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\hr\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	618
Entropy (8bit):	4.56999230891419
Encrypted:	false
SSDEEP:	12:1HEJGiimxmbZGGGiimxmbZ+WYpU34OBOEuhopIO+dgcapZO8ZpU34GiiZrMrQphK:1HE4H4TH8WYpNjTta28ZpQVLP0SOGAOK
MD5:	8185D0490C86363602A137F9A261CC50
SHA1:	5BD933B874441CEACB9201CCC941FF67BAED6DC0
SHA-256:	A2B2EC359A9DD9DCCCE02859CE1E738BD30FAA4A05F1DC522893FFDF722BBC15
SHA-512:	D7629978FC031EA5F716F9C1065FB2FEAB48C15F10CD68830DC966FA1002C03DDC7ACDE314C7D075F9F3A0A68552A6ACBCCDEE24CF20B6C3DD1BCE6562D0396E
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "Pla.anja u web-trgovini Chrome".. },.. "app_name": {.. "message": "Pla.anja u web-trgovini Chrome".. },.. "craw_app_unavailable": {.. "message": "Aplikacija trenuta.no nije dostupna.".. },.. "craw_connect_to_network": {.. "message": "Pove.ite se s mre.om.".. },.. "iap_unavailable": {.. "message": "Pla.anje u aplikaciji trenuta.no nije dostupno.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Prijavite se na Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\hu\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	683
Entropy (8bit):	4.675370843321512
Encrypted:	false
SSDEEP:	12:1HEJVJiGGVJi+WYpU34Hpo9O+dgMmfgijO8ZpU34Huo9O03OyZnLAOfTYBIAYm:1HEVrk5WYpQzTUg/8ZpwoXOGAOfYIAd
MD5:	85609CF8623582A8376C206556ED2131
SHA1:	1E16EB70DB5E59BB684866FF3E3925C2DEF25A12
SHA-256:	32A249749F12ADB6A220BF9ADC272C7E5D9AD5497A38B0086D961E3ABA17FBC6
SHA-512:	27883430865D3CFA6EDFE8C6CE1442BD96150B5CE520CCF7D556A330CAA6392C712B47BD86F7350E174876BC681F6DEC94D1312402655B0AF90883A2899EC78B
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "Chrome Internetes .ruh.z Fizet.si rendszere".. },.. "app_name": {.. "message": "Chrome Internetes .ruh.z Fizet.si rendszere".. },.. "craw_app_unavailable": {.. "message": "Az alkalmaz.s jelenleg nem .rhet. el.".. },.. "craw_connect_to_network": {.. "message": "K.rj.k, csatlakozzon egy h.l.zathoz.".. },.. "iap_unavailable": {.. "message": "Az alkalmaz.son bel.li fizet.s jelenleg nem .rhet. el.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Jelentkezzen be a Chrome-ba.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\id\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	604
Entropy (8bit):	4.465685261172395
Encrypted:	false
SSDEEP:	12:1HEJs25bGGs25b+WYpU34ORBHAeSJ+dgkmO8ZpU34s22C/SzFAs03OyZnLAOfTYR:1HEBaA6WYpaHFH8ZptOYOGAOf2D
MD5:	EAB2B946D1232AB98137E760954003AA
SHA1:	60BDC2937905B311D2C9844DF2D639D7AC9F7F67
SHA-256:	C6E8800450602DE0F39FE9F6854472383813FB454B08ABAE7E25A9167CE004C3
SHA-512:	970FEC9A9EF0BAF7F693C4C5977F3B47914579C5B5414FCE9DBB5E4574659A5BB9AD2DE0CC886B368F49C019785AF7D2D7FE82F71341F039EADC399ED776CA12
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "Pembayaran Chrome Webstore".. },.. "app_name": {.. "message": "Pembayaran Chrome Webstore".. },.. "craw_app_unavailable": {.. "message": "Aplikasi tidak tersedia saat ini.".. },.. "craw_connect_to_network": {.. "message": "Sambungkan ke jaringan.".. },.. "iap_unavailable": {.. "message": "Pembayaran Dalam Aplikasi saat ini tidak tersedia.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Harap masuk ke Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\it\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	603
Entropy (8bit):	4.479418964635223
Encrypted:	false
SSDEEP:	12:1HEJsqd/bGGsqd/b+WYpU34OcX4+dgUvIO8ZpU34vq703OyZnLAOfTYsD:1HEXd/aKd/6WYpZrv58ZpskOGAOfzD
MD5:	A328EEF5E841E0C72D3CD7366899C5C8
SHA1:	2851ED658385804E87911643F5A4200B1FB26E13
SHA-256:	CD891C45F7586FB4A2514205A11F260E4A6D4482FA03D901909DD9F57BE0536D
SHA-512:	E47297896E981774EC3B59D41B89D6BA9333F6B4435EB9727D8645A46B10C7D408ADE06844871FA757382FBE7E645276449DB7B1B23BC59C9A71A5CB5A5ECC57
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "Pagamenti Chrome Web Store".. },.. "app_name": {.. "message": "Pagamenti Chrome Web Store".. },.. "craw_app_unavailable": {.. "message": "App al momento non disponibile.".. },.. "craw_connect_to_network": {.. "message": "Collegati a una rete.".. },.. "iap_unavailable": {.. "message": "La funzione Pagamenti In-App non . al momento disponibile.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Accedi a Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\ja\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	697
Entropy (8bit):	5.20469020877498
Encrypted:	false
SSDEEP:	12:1HEJ07uGG07u+WYpU34DB+dgnsVztO8ZpU34MwiB03OyZnLAOfTYmSH:1HEcnDNWYp1kxU8Zp2wiqOGAOfpSH
MD5:	9B3A5D473C3F2BBFAEECE94A07A940B8
SHA1:	61BACA342CF766BBA15C7B4D892A0E7DAC9405AA
SHA-256:	706312A4A2AEF3317223F141EB2B82685345B7EED444F16BB4DF3A272716DA1F
SHA-512:	94F6FEE9A11BD890AB8211C98D1CC142348961EBCF756F66477A3E3A76519804B70BE0AE4E551739F8AFE32D7ADE6EDE04EF6B9B9EED03E3A857E6058EEDD4C6
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "Chrome ........".. },.. "app_name": {.. "message": "Chrome ........".. },.. "craw_app_unavailable": {.. "message": ".................".. },.. "craw_connect_to_network": {.. "message": "................".. },.. "iap_unavailable": {.. "message": ".......................".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Chrome ............".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\ko\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	631
Entropy (8bit):	5.160315577642469
Encrypted:	false
SSDEEP:	12:1HEJ1GG1+WYpU34K3aT+dgh8d0HTO8ZpU34KaNkaT03OyZnLAOfTY/YeHx:1HEajWYpc3aSl0Hq8Zpc6kasOGAOfyYA
MD5:	9F6B4D82A70C74CA751E2EAE70FAB5CF
SHA1:	0534F125FFCE8222277CF2BE3401C59DAF9217F8
SHA-256:	D1467B8D037114403E8F4EFC52E88C4A7FEB96126BE4CFF883FEFF1084EF7E68
SHA-512:	ED9319830314385D09C06F62EE34186E8CA576C857981205E4468A28B3ACD2AB03384E77B866032C324ABDD97A56EFD08E2D6E0C79D563578B3EC52517819BD8
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "Chrome . ... ..".. },.. "app_name": {.. "message": "Chrome . ... ..".. },.. "craw_app_unavailable": {.. "message": ".. .. ... . .....".. },.. "craw_connect_to_network": {.. "message": "..... ......".. },.. "iap_unavailable": {.. "message": ".. .. ... ... . .....".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Chrome. .......".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\lt\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	665
Entropy (8bit):	4.66839186029557
Encrypted:	false
SSDEEP:	12:1HEJpqHnkGGpqHnk+WYpU346M+dgV6O8ZpU34WzSWz03OyZnLAOfTYx:1HELqHtKqHPWYpM3A8ZpwGzOGAOfg
MD5:	4CA644F875606986A9898D04BDAE3EA5
SHA1:	722A10569E93975129D67FBDB75B537D9D622AD1
SHA-256:	7C311AB751D840D750C11553C083785813E079C1D464FE568A98C9E3EF3DB96C
SHA-512:	E575E3D0622F5BD4B6C0EE79128A1B1F1882195670139D1983F4377D847141B8FB8EBB8BCED82AF3A220ED07D3577AFBE085BADC0E9C7678292B80E3EC5D3444
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": ".Chrome. internetin.s parduotuv.s mok.jimo sistema".. },.. "app_name": {.. "message": ".Chrome. internetin.s parduotuv.s mok.jimo sistema".. },.. "craw_app_unavailable": {.. "message": "Programa .iuo metu negalima.".. },.. "craw_connect_to_network": {.. "message": "Prisijunkite prie tinklo.".. },.. "iap_unavailable": {.. "message": "Mok.jimai programoje .iuo metu negalimi.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Prisijunkite prie .Chrome..".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\lv\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	671
Entropy (8bit):	4.631774066483956
Encrypted:	false
SSDEEP:	12:1HEJFhVbGGFhVb+WYpU34wDoz+dgGedBO8ZpU34wF03OyZnLAOfTYGYID:1HENQKkWYp2Doy/em8Zp2WOGAOfRYID
MD5:	C5CE2C51391EAFD3DA9E4C71549A3C28
SHA1:	1F67FF6EF6E90C0CE3AAF56ED543A3EFD381574D
SHA-256:	1FA1DF2CA8516DEF490FB8484E9AA498ACFF80EEF5C9258FFE42D3678E6C7DED
SHA-512:	C85F6281E682F52BC2147DEA7E2F3BB4DC48D98BADA8687B05C6C7271C78EA7F5431CD51671A4184C9AE004FC53C016E3C594697F483195CCBA08A93821EEF70
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "Chrome interneta veikala maks.jumu sist.ma".. },.. "app_name": {.. "message": "Chrome interneta veikala maks.jumu sist.ma".. },.. "craw_app_unavailable": {.. "message": "Lietotne pagaid.m nav pieejama.".. },.. "craw_connect_to_network": {.. "message": "L.dzu, izveidojiet savienojumu ar t.klu.".. },.. "iap_unavailable": {.. "message": "Maks.jumi lietotn.s pa.laik nav pieejami.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "L.dzu, pierakstieties p.rl.k. Chrome.".. }..}..

C:\Users\user\AppData\Local\Temp\scoped_dir2540_1047339833\CRX_INSTALL\_locales\nb\messages.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	624
Entropy (8bit):	4.555032032637389
Encrypted:	false
SSDEEP:	12:1HEJhiOGGhiO+WYpU34OHSN+dgFjdGFZO8ZpU34JgdN03OyZnLAOfTYiD:1HEDiHIitWYpCYJ8ZpD1OGAOfRD
MD5:	93C459A23BC6953FF744C35920CD2AF9
SHA1:	162F884972103A08ADB616A7EB3598431A2924C5
SHA-256:	2CD700AEB57D89C2E73333D0702556EE3FF3863516170F85669BC680FCBDC4E0
SHA-512:	F76E6E8D8499306883C3EC1E774F7E8BB6B601096DA5A14D17D3E7D5732829542041E42B7350466589291ADCC83FB065FD591B4E20CFCF8EDC586E128ECBFCB5
Malicious:	false
Reputation:	low
Preview:	{.. "app_description": {.. "message": "Chrome Nettmarked-betalinger".. },.. "app_name": {.. "message": "Chrome Nettmarked-betalinger".. },.. "craw_app_unavailable": {.. "message": "Appen er utilgjengelig for .yeblikket.".. },.. "craw_connect_to_network": {.. "message": "Du m. koble til et nettverk.".. },.. "iap_unavailable": {.. "message": "Betaling i app er ikke tilgjengelig for .yeblikket.".. },.. "jwt_retrieve_failed": {.. "message": "The transaction could not be completed.".. },.. "please_sign_in": {.. "message": "Du m. logge p. Chrome.".. }..}..

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 22, 2021 11:18:28.421996117 CEST	49708	443	192.168.2.3	142.250.203.110
Jul 22, 2021 11:18:28.422291040 CEST	49709	443	192.168.2.3	172.217.168.45
Jul 22, 2021 11:18:28.433167934 CEST	49710	443	192.168.2.3	27.121.68.114
Jul 22, 2021 11:18:28.471903086 CEST	443	49709	172.217.168.45	192.168.2.3
Jul 22, 2021 11:18:28.472091913 CEST	49709	443	192.168.2.3	172.217.168.45
Jul 22, 2021 11:18:28.475208998 CEST	443	49708	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:28.475357056 CEST	49708	443	192.168.2.3	142.250.203.110
Jul 22, 2021 11:18:28.522746086 CEST	49708	443	192.168.2.3	142.250.203.110
Jul 22, 2021 11:18:28.523063898 CEST	49709	443	192.168.2.3	172.217.168.45
Jul 22, 2021 11:18:28.573481083 CEST	443	49709	172.217.168.45	192.168.2.3
Jul 22, 2021 11:18:28.575907946 CEST	443	49708	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:28.585733891 CEST	443	49709	172.217.168.45	192.168.2.3
Jul 22, 2021 11:18:28.585761070 CEST	443	49709	172.217.168.45	192.168.2.3
Jul 22, 2021 11:18:28.585853100 CEST	49709	443	192.168.2.3	172.217.168.45
Jul 22, 2021 11:18:28.588164091 CEST	443	49708	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:28.588186026 CEST	443	49708	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:28.588202000 CEST	443	49708	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:28.588217974 CEST	443	49708	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:28.588301897 CEST	49708	443	192.168.2.3	142.250.203.110
Jul 22, 2021 11:18:28.655348063 CEST	49712	443	192.168.2.3	27.121.68.114
Jul 22, 2021 11:18:28.722151041 CEST	443	49710	27.121.68.114	192.168.2.3
Jul 22, 2021 11:18:28.722349882 CEST	49710	443	192.168.2.3	27.121.68.114
Jul 22, 2021 11:18:28.722567081 CEST	49710	443	192.168.2.3	27.121.68.114
Jul 22, 2021 11:18:28.943355083 CEST	443	49712	27.121.68.114	192.168.2.3
Jul 22, 2021 11:18:28.943526030 CEST	49712	443	192.168.2.3	27.121.68.114
Jul 22, 2021 11:18:28.943912983 CEST	49712	443	192.168.2.3	27.121.68.114
Jul 22, 2021 11:18:29.003109932 CEST	49708	443	192.168.2.3	142.250.203.110
Jul 22, 2021 11:18:29.006092072 CEST	49709	443	192.168.2.3	172.217.168.45
Jul 22, 2021 11:18:29.006402969 CEST	49708	443	192.168.2.3	142.250.203.110
Jul 22, 2021 11:18:29.006644964 CEST	49709	443	192.168.2.3	172.217.168.45
Jul 22, 2021 11:18:29.006923914 CEST	49708	443	192.168.2.3	142.250.203.110
Jul 22, 2021 11:18:29.007046938 CEST	49709	443	192.168.2.3	172.217.168.45
Jul 22, 2021 11:18:29.007096052 CEST	49709	443	192.168.2.3	172.217.168.45
Jul 22, 2021 11:18:29.014317036 CEST	443	49710	27.121.68.114	192.168.2.3
Jul 22, 2021 11:18:29.015523911 CEST	443	49710	27.121.68.114	192.168.2.3
Jul 22, 2021 11:18:29.015568018 CEST	443	49710	27.121.68.114	192.168.2.3
Jul 22, 2021 11:18:29.015605927 CEST	443	49710	27.121.68.114	192.168.2.3
Jul 22, 2021 11:18:29.015635014 CEST	443	49710	27.121.68.114	192.168.2.3
Jul 22, 2021 11:18:29.015671015 CEST	49710	443	192.168.2.3	27.121.68.114
Jul 22, 2021 11:18:29.015716076 CEST	49710	443	192.168.2.3	27.121.68.114
Jul 22, 2021 11:18:29.016717911 CEST	443	49710	27.121.68.114	192.168.2.3
Jul 22, 2021 11:18:29.029992104 CEST	49710	443	192.168.2.3	27.121.68.114
Jul 22, 2021 11:18:29.030473948 CEST	49710	443	192.168.2.3	27.121.68.114
Jul 22, 2021 11:18:29.057470083 CEST	443	49708	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:29.057689905 CEST	443	49709	172.217.168.45	192.168.2.3
Jul 22, 2021 11:18:29.057952881 CEST	49708	443	192.168.2.3	142.250.203.110
Jul 22, 2021 11:18:29.058054924 CEST	49709	443	192.168.2.3	172.217.168.45
Jul 22, 2021 11:18:29.058101892 CEST	443	49709	172.217.168.45	192.168.2.3
Jul 22, 2021 11:18:29.058600903 CEST	443	49709	172.217.168.45	192.168.2.3
Jul 22, 2021 11:18:29.060527086 CEST	443	49708	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:29.066478014 CEST	443	49708	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:29.079921961 CEST	443	49709	172.217.168.45	192.168.2.3
Jul 22, 2021 11:18:29.079962015 CEST	443	49709	172.217.168.45	192.168.2.3
Jul 22, 2021 11:18:29.079991102 CEST	443	49709	172.217.168.45	192.168.2.3
Jul 22, 2021 11:18:29.080019951 CEST	443	49709	172.217.168.45	192.168.2.3
Jul 22, 2021 11:18:29.080048084 CEST	49709	443	192.168.2.3	172.217.168.45
Jul 22, 2021 11:18:29.080094099 CEST	49709	443	192.168.2.3	172.217.168.45
Jul 22, 2021 11:18:29.080255985 CEST	443	49708	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:29.080327034 CEST	49708	443	192.168.2.3	142.250.203.110
Jul 22, 2021 11:18:29.080571890 CEST	443	49708	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:29.080601931 CEST	443	49708	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:29.080641031 CEST	49708	443	192.168.2.3	142.250.203.110
Jul 22, 2021 11:18:29.080642939 CEST	443	49708	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:29.080662012 CEST	49708	443	192.168.2.3	142.250.203.110
Jul 22, 2021 11:18:29.107844114 CEST	49709	443	192.168.2.3	172.217.168.45
Jul 22, 2021 11:18:29.108000040 CEST	49708	443	192.168.2.3	142.250.203.110
Jul 22, 2021 11:18:29.112873077 CEST	443	49709	172.217.168.45	192.168.2.3
Jul 22, 2021 11:18:29.115433931 CEST	443	49708	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:29.159425020 CEST	443	49709	172.217.168.45	192.168.2.3
Jul 22, 2021 11:18:29.161861897 CEST	443	49708	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:29.237715960 CEST	443	49712	27.121.68.114	192.168.2.3
Jul 22, 2021 11:18:29.238630056 CEST	443	49712	27.121.68.114	192.168.2.3
Jul 22, 2021 11:18:29.238661051 CEST	443	49712	27.121.68.114	192.168.2.3
Jul 22, 2021 11:18:29.238687992 CEST	443	49712	27.121.68.114	192.168.2.3
Jul 22, 2021 11:18:29.238707066 CEST	443	49712	27.121.68.114	192.168.2.3
Jul 22, 2021 11:18:29.238725901 CEST	49712	443	192.168.2.3	27.121.68.114
Jul 22, 2021 11:18:29.238779068 CEST	49712	443	192.168.2.3	27.121.68.114
Jul 22, 2021 11:18:29.240972042 CEST	443	49712	27.121.68.114	192.168.2.3
Jul 22, 2021 11:18:29.248765945 CEST	49712	443	192.168.2.3	27.121.68.114
Jul 22, 2021 11:18:29.318835974 CEST	443	49710	27.121.68.114	192.168.2.3
Jul 22, 2021 11:18:29.318881035 CEST	443	49710	27.121.68.114	192.168.2.3
Jul 22, 2021 11:18:29.318995953 CEST	49710	443	192.168.2.3	27.121.68.114
Jul 22, 2021 11:18:29.546120882 CEST	443	49712	27.121.68.114	192.168.2.3
Jul 22, 2021 11:18:29.546160936 CEST	443	49712	27.121.68.114	192.168.2.3
Jul 22, 2021 11:18:29.546287060 CEST	49712	443	192.168.2.3	27.121.68.114
Jul 22, 2021 11:18:29.811321020 CEST	443	49710	27.121.68.114	192.168.2.3
Jul 22, 2021 11:18:29.950912952 CEST	49710	443	192.168.2.3	27.121.68.114
Jul 22, 2021 11:18:30.252695084 CEST	49719	443	192.168.2.3	182.160.154.94
Jul 22, 2021 11:18:30.253475904 CEST	49720	443	192.168.2.3	182.160.154.94
Jul 22, 2021 11:18:30.419377089 CEST	49722	443	192.168.2.3	182.160.154.94
Jul 22, 2021 11:18:30.529534101 CEST	443	49719	182.160.154.94	192.168.2.3
Jul 22, 2021 11:18:30.529699087 CEST	49719	443	192.168.2.3	182.160.154.94
Jul 22, 2021 11:18:30.529850006 CEST	49719	443	192.168.2.3	182.160.154.94
Jul 22, 2021 11:18:30.537214041 CEST	443	49720	182.160.154.94	192.168.2.3
Jul 22, 2021 11:18:30.537383080 CEST	49720	443	192.168.2.3	182.160.154.94
Jul 22, 2021 11:18:30.537612915 CEST	49720	443	192.168.2.3	182.160.154.94
Jul 22, 2021 11:18:30.703397036 CEST	443	49722	182.160.154.94	192.168.2.3
Jul 22, 2021 11:18:30.703527927 CEST	49722	443	192.168.2.3	182.160.154.94
Jul 22, 2021 11:18:30.704181910 CEST	49722	443	192.168.2.3	182.160.154.94
Jul 22, 2021 11:18:30.806587934 CEST	443	49719	182.160.154.94	192.168.2.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 22, 2021 11:18:17.494519949 CEST	53	51281	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:22.521580935 CEST	49199	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:22.573646069 CEST	53	49199	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:23.762777090 CEST	50620	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:23.819830894 CEST	53	50620	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:26.540610075 CEST	64938	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:26.592761040 CEST	53	64938	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:28.355602026 CEST	55984	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:28.356945992 CEST	64185	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:28.366839886 CEST	65110	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:28.370503902 CEST	58361	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:28.415431023 CEST	53	55984	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:28.417959929 CEST	53	64185	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:28.430551052 CEST	53	58361	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:28.432634115 CEST	53	65110	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:29.080418110 CEST	63492	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:29.147372961 CEST	53	63492	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:29.287883043 CEST	60100	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:29.344974995 CEST	53	60100	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:29.877855062 CEST	53195	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:30.010560036 CEST	50141	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:30.060702085 CEST	53	50141	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:30.251316071 CEST	53	53195	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:30.255624056 CEST	53023	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:30.315805912 CEST	53	53023	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:30.990309954 CEST	49563	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:31.050486088 CEST	53	49563	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:31.322917938 CEST	51352	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:31.377723932 CEST	53	51352	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:32.679941893 CEST	57568	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:32.739723921 CEST	53	57568	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:34.264292955 CEST	57762	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:34.313731909 CEST	53	57762	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:35.484375000 CEST	55435	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:35.543880939 CEST	53	55435	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:36.663621902 CEST	50713	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:36.715352058 CEST	53	50713	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:37.839760065 CEST	56132	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:37.863462925 CEST	56134	443	192.168.2.3	142.250.203.110
Jul 22, 2021 11:18:37.892131090 CEST	53	56132	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:37.925843954 CEST	443	56134	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:37.925915003 CEST	443	56134	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:37.925955057 CEST	443	56134	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:37.926575899 CEST	56134	443	192.168.2.3	142.250.203.110
Jul 22, 2021 11:18:37.928853035 CEST	56134	443	192.168.2.3	142.250.203.110
Jul 22, 2021 11:18:37.930233955 CEST	56134	443	192.168.2.3	142.250.203.110
Jul 22, 2021 11:18:38.003731966 CEST	443	56134	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:38.004447937 CEST	56134	443	192.168.2.3	142.250.203.110
Jul 22, 2021 11:18:38.020730019 CEST	443	56134	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:38.020772934 CEST	443	56134	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:38.020800114 CEST	443	56134	142.250.203.110	192.168.2.3
Jul 22, 2021 11:18:38.021225929 CEST	56134	443	192.168.2.3	142.250.203.110
Jul 22, 2021 11:18:38.048394918 CEST	56134	443	192.168.2.3	142.250.203.110
Jul 22, 2021 11:18:38.129635096 CEST	58987	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:38.186476946 CEST	53	58987	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:42.077843904 CEST	56579	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:42.135049105 CEST	53	56579	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:42.409512043 CEST	60633	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:42.461714983 CEST	53	60633	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:45.371154070 CEST	61292	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:45.420623064 CEST	53	61292	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:47.396323919 CEST	63619	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:47.445446014 CEST	53	63619	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:48.624007940 CEST	64938	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:48.685774088 CEST	53	64938	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:49.227884054 CEST	58722	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:49.228003025 CEST	56596	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:49.237068892 CEST	64101	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:49.280678988 CEST	53	58722	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:49.285099983 CEST	53	56596	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:49.286144018 CEST	53	64101	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:49.715630054 CEST	61946	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:49.765216112 CEST	53	61946	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:50.950498104 CEST	64910	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:51.007844925 CEST	53	64910	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:52.276070118 CEST	52123	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:52.325675964 CEST	53	52123	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:52.783938885 CEST	56130	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:52.841305017 CEST	53	56130	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:52.943139076 CEST	56338	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:52.993417025 CEST	53	56338	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:54.131846905 CEST	59420	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:54.194530010 CEST	58784	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:54.245368004 CEST	53	58784	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:54.275098085 CEST	53	59420	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:55.361500025 CEST	63978	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:55.412457943 CEST	53	63978	8.8.8.8	192.168.2.3
Jul 22, 2021 11:18:56.889134884 CEST	62938	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:18:56.949115038 CEST	53	62938	8.8.8.8	192.168.2.3
Jul 22, 2021 11:19:10.053323984 CEST	55708	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:19:10.130779982 CEST	53	55708	8.8.8.8	192.168.2.3
Jul 22, 2021 11:19:26.169064999 CEST	56803	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:19:26.234066963 CEST	53	56803	8.8.8.8	192.168.2.3
Jul 22, 2021 11:19:26.559284925 CEST	55359	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:19:26.619318008 CEST	53	55359	8.8.8.8	192.168.2.3
Jul 22, 2021 11:19:26.742854118 CEST	58306	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:19:26.803620100 CEST	53	58306	8.8.8.8	192.168.2.3
Jul 22, 2021 11:19:27.317244053 CEST	64124	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:19:27.373876095 CEST	53	64124	8.8.8.8	192.168.2.3
Jul 22, 2021 11:19:27.376091003 CEST	49361	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:19:27.442579985 CEST	53	49361	8.8.8.8	192.168.2.3
Jul 22, 2021 11:19:30.985629082 CEST	63150	53	192.168.2.3	8.8.8.8
Jul 22, 2021 11:19:31.044588089 CEST	53	63150	8.8.8.8	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jul 22, 2021 11:18:28.355602026 CEST	192.168.2.3	8.8.8.8	0x692c	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)
Jul 22, 2021 11:18:28.356945992 CEST	192.168.2.3	8.8.8.8	0x333e	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)
Jul 22, 2021 11:18:28.370503902 CEST	192.168.2.3	8.8.8.8	0xe95a	Standard query (0)	olrdyskiyqltcvm.collndamfax.com	A (IP address)	IN (0x0001)
Jul 22, 2021 11:18:29.877855062 CEST	192.168.2.3	8.8.8.8	0x8e9e	Standard query (0)	fax2email.moveyourbody.com.au	A (IP address)	IN (0x0001)
Jul 22, 2021 11:18:38.129635096 CEST	192.168.2.3	8.8.8.8	0x6864	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Jul 22, 2021 11:18:28.415431023 CEST	8.8.8.8	192.168.2.3	0x692c	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 11:18:28.415431023 CEST	8.8.8.8	192.168.2.3	0x692c	No error (0)	clients.l.google.com		142.250.203.110	A (IP address)	IN (0x0001)
Jul 22, 2021 11:18:28.417959929 CEST	8.8.8.8	192.168.2.3	0x333e	No error (0)	accounts.google.com		172.217.168.45	A (IP address)	IN (0x0001)
Jul 22, 2021 11:18:28.430551052 CEST	8.8.8.8	192.168.2.3	0xe95a	No error (0)	olrdyskiyqltcvm.collndamfax.com		27.121.68.114	A (IP address)	IN (0x0001)
Jul 22, 2021 11:18:30.251316071 CEST	8.8.8.8	192.168.2.3	0x8e9e	No error (0)	fax2email.moveyourbody.com.au		182.160.154.94	A (IP address)	IN (0x0001)
Jul 22, 2021 11:18:38.186476946 CEST	8.8.8.8	192.168.2.3	0x6864	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Jul 22, 2021 11:18:38.186476946 CEST	8.8.8.8	192.168.2.3	0x6864	No error (0)	googlehosted.l.googleusercontent.com		142.250.203.97	A (IP address)	IN (0x0001)

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exe PID: 2540 Parent PID: 1004

General

Start time:	11:18:24
Start date:	22/07/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ='
Imagebase:	0x7ff77b960000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Analysis Process: chrome.exe PID: 4720 Parent PID: 2540

General

Start time:	11:18:25
Start date:	22/07/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1568,12725805788268941494,2024101114354921593,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1684 /prefetch:8
Imagebase:	0x7ff77b960000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report https://olrdyskiyqltcvm.collndamfax.com/ezthijqho/YXJub2xkLmdydWJlckBydnMuYXQ=

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

No static file info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: chrome.exe PID: 2540 Parent PID: 1004

General

Analysis Process: chrome.exe PID: 4720 Parent PID: 2540

General

Disassembly