Play interactive tour

Edit tour

Windows Analysis Report HSBC_Payment_slip_for Outstanding 001005l.htm

Overview

General Information

Sample Name:	HSBC_Payment_slip_for Outstanding 001005l.htm
Analysis ID:	458936
MD5:	b61772141ff432e58420e5e499994567
SHA1:	29b5db79051c197028403a38cd3a1bc61f5eec37
SHA256:	ed22a74873af2f35b12b50548f25a43e2db46ddbe406a9033b2c86cc05f3cc11
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Yara detected HtmlPhish10

Yara detected HtmlPhish14

Yara detected HtmlPhish44

HTML document with suspicious name

HTML document with suspicious title

Phishing site detected (based on image similarity)

Phishing site detected (based on logo template match)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

No HTML title found

None HTTPS page querying sensitive user data (password, username or email)

Suspicious form URL found

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6988 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'C:\Users\user\Desktop\HSBC_Payment_slip_for Outstanding 001005l.htm' MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 5080 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1588,14998763898602745597,3575006488296636630,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1700 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
HSBC_Payment_slip_for Outstanding 001005l.htm	JoeSecurity_HtmlPhish_44	Yara detected HtmlPhish_44	Joe Security

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Multi AV Scanner detection for submitted file

Show sources

Source: HSBC_Payment_slip_for Outstanding 001005l.htm

Virustotal: Detection: 11%

Perma Link

Phishing:

Yara detected HtmlPhish10

Show sources

Source: Yara match

File source: 21097.0.pages.csv, type: HTML

Yara detected HtmlPhish14

Show sources

Source: Yara match

File source: 21097.0.pages.csv, type: HTML

Yara detected HtmlPhish44

Show sources

Source: Yara match

File source: HSBC_Payment_slip_for Outstanding 001005l.htm, type: SAMPLE

Phishing site detected (based on image similarity)

Show sources

Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm

Matcher: Found strong image similarity, brand: Microsoft image: 21097.0.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD

Phishing site detected (based on logo template match)

Show sources

Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm

Matcher: Template: microsoft matched

Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: HTML title missing

Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: Form action: https://mt-autorepair.com//dcon/dny.php
Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: Form action: https://mt-autorepair.com//dcon/dny.php

Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: unknown

HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.6:49735 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 192.229.221.185 192.229.221.185

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown

DNS traffic detected: queries for: raktaxis.co.uk

Source: 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	String found in binary or memory: https://aadcdn.msftauth.net
Source: manifest.json0.0.dr, 10d0a43a-cd97-49a8-b2c8-b89df3a900a4.tmp.2.dr, 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	String found in binary or memory: https://accounts.google.com
Source: manifest.json0.0.dr, 10d0a43a-cd97-49a8-b2c8-b89df3a900a4.tmp.2.dr, 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	String found in binary or memory: https://apis.google.com
Source: 10d0a43a-cd97-49a8-b2c8-b89df3a900a4.tmp.2.dr, 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 10d0a43a-cd97-49a8-b2c8-b89df3a900a4.tmp.2.dr, 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: manifest.json0.0.dr	String found in binary or memory: https://content.googleapis.com
Source: Reporting and NEL.2.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/downloads-lorry
Source: 5fb122e3-dcc1-45f3-9060-44c74a3ebcc2.tmp.2.dr, 8b82acec-f064-4432-9f97-dd5df07ab2d2.tmp.2.dr, 10d0a43a-cd97-49a8-b2c8-b89df3a900a4.tmp.2.dr, 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	String found in binary or memory: https://dns.google
Source: manifest.json0.0.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 10d0a43a-cd97-49a8-b2c8-b89df3a900a4.tmp.2.dr	String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: 10d0a43a-cd97-49a8-b2c8-b89df3a900a4.tmp.2.dr, 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: manifest.json0.0.dr	String found in binary or memory: https://hangouts.google.com/
Source: 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	String found in binary or memory: https://logincdn.msauth.net
Source: 10d0a43a-cd97-49a8-b2c8-b89df3a900a4.tmp.2.dr, 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	String found in binary or memory: https://r3---sn-5hneknee.gvt1.com
Source: 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 10d0a43a-cd97-49a8-b2c8-b89df3a900a4.tmp.2.dr, 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	String found in binary or memory: https://ssl.gstatic.com
Source: messages.json41.0.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: manifest.json0.0.dr, 10d0a43a-cd97-49a8-b2c8-b89df3a900a4.tmp.2.dr, 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.google.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://www.google.com;
Source: 10d0a43a-cd97-49a8-b2c8-b89df3a900a4.tmp.2.dr, 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: 10d0a43a-cd97-49a8-b2c8-b89df3a900a4.tmp.2.dr, 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.0.dr	String found in binary or memory: https://www.gstatic.com;

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443

Source: unknown

HTTPS traffic detected: 152.199.23.37:443 -> 192.168.2.6:49735 version: TLS 1.2

System Summary:

HTML document with suspicious name

Show sources

Source: Name includes: HSBC_Payment_slip_for Outstanding 001005l.htm

Initial sample: payment

HTML document with suspicious title

Show sources

Source: file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm

Tab title: HSBC_Payment_slip_for Outstanding 001005l.htm

Source: classification engine

Classification label: mal88.phis.winHTM@32/222@7/10

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-610A2178-1B4C.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\409faa5b-ba1e-4e0b-9ea3-7916934440d4.tmp

Jump to behavior

Source: HSBC_Payment_slip_for Outstanding 001005l.htm

Virustotal: Detection: 11%

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'C:\Users\user\Desktop\HSBC_Payment_slip_for Outstanding 001005l.htm'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1588,14998763898602745597,3575006488296636630,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1700 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1588,14998763898602745597,3575006488296636630,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1700 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading3	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information1	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
HSBC_Payment_slip_for Outstanding 001005l.htm	12%	Virustotal		Browse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
cs1100.wpc.omegacdn.net	0%	Virustotal		Browse
cs1227.wpc.alphacdn.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://dns.google	0%	URL Reputation	safe
https://www.google.com;	0%	Avira URL Cloud	safe
https://aadcdn.msftauth.net	0%	URL Reputation	safe
https://logincdn.msauth.net	0%	Avira URL Cloud	safe
https://csp.withgoogle.com/csp/report-to/downloads-lorry	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
cs1100.wpc.omegacdn.net	152.199.23.37	true	false	0%, Virustotal, Browse	unknown
accounts.google.com	216.58.205.77	true	false		high
cs1227.wpc.alphacdn.net	192.229.221.185	true	false	0%, Virustotal, Browse	unknown
clients.l.google.com	142.250.186.110	true	false		high
googlehosted.l.googleusercontent.com	216.58.208.129	true	false		high
logincdn.msauth.net	unknown	unknown	false		unknown
clients2.googleusercontent.com	unknown	unknown	false		high
clients2.google.com	unknown	unknown	false		high
aadcdn.msftauth.net	unknown	unknown	false		unknown
raktaxis.co.uk	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm	true		low

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.google.com	manifest.json0.0.dr, 10d0a43a-cd97-49a8-b2c8-b89df3a900a4.tmp.2.dr, 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	false		high
https://dns.google	5fb122e3-dcc1-45f3-9060-44c74a3ebcc2.tmp.2.dr, 8b82acec-f064-4432-9f97-dd5df07ab2d2.tmp.2.dr, 10d0a43a-cd97-49a8-b2c8-b89df3a900a4.tmp.2.dr, 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	false	URL Reputation: safe	unknown
https://ogs.google.com	10d0a43a-cd97-49a8-b2c8-b89df3a900a4.tmp.2.dr, 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	false		high
https://support.google.com/chromecast/troubleshooter/2995236	messages.json41.0.dr	false		high
https://accounts.google.com	manifest.json0.0.dr, 10d0a43a-cd97-49a8-b2c8-b89df3a900a4.tmp.2.dr, 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	false		high
https://payments.google.com/payments/v4/js/integrator.js	manifest.json.0.dr	false		high
https://www.google.com;	manifest.json0.0.dr	false	Avira URL Cloud: safe	low
https://support.google.com/chromecast/answer/2998456	messages.json41.0.dr	false		high
https://hangouts.google.com/	manifest.json0.0.dr	false		high
https://aadcdn.msftauth.net	04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	false	URL Reputation: safe	unknown
https://clients2.googleusercontent.com	10d0a43a-cd97-49a8-b2c8-b89df3a900a4.tmp.2.dr, 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	false		high
https://apis.google.com	manifest.json0.0.dr, 10d0a43a-cd97-49a8-b2c8-b89df3a900a4.tmp.2.dr, 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	false		high
https://logincdn.msauth.net	04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	false	Avira URL Cloud: safe	unknown
https://sandbox.google.com/payments/v4/js/integrator.js	manifest.json.0.dr	false		high
https://www.google.com/	manifest.json.0.dr	false		high
https://csp.withgoogle.com/csp/report-to/downloads-lorry	Reporting and NEL.2.dr	false	URL Reputation: safe	unknown
https://feedback.googleusercontent.com	manifest.json0.0.dr	false		high
https://clients2.google.com	10d0a43a-cd97-49a8-b2c8-b89df3a900a4.tmp.2.dr, 04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp.2.dr	false		high
https://clients2.google.com/service/update2/crx	manifest.json0.0.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
216.58.205.77	accounts.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
192.229.221.185	cs1227.wpc.alphacdn.net	United States	15133	EDGECASTUS	false
216.58.208.129	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
142.250.186.110	clients.l.google.com	United States	15169	GOOGLEUS	false
152.199.23.37	cs1100.wpc.omegacdn.net	United States	15133	EDGECASTUS	false

Private

IP
192.168.2.1
192.168.2.7
192.168.2.5
127.0.0.1

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	458936
Start date:	03.08.2021
Start time:	22:10:32
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 32s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	HSBC_Payment_slip_for Outstanding 001005l.htm
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal88.phis.winHTM@32/222@7/10
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .htm
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe TCP Packets have been reduced to 100 Created / dropped Files have been reduced to 100 Excluded IPs from analysis (whitelisted): 40.88.32.150, 104.43.193.48, 142.250.184.110, 74.125.8.72, 209.85.226.8, 142.250.180.163, 142.250.180.170, 216.58.206.42, 216.58.206.74, 216.58.208.138, 216.58.208.170, 216.58.209.42, 142.250.184.42, 142.250.184.74, 142.250.184.106, 216.58.198.42, 216.58.205.74, 172.217.21.74, 142.250.180.74, 142.250.180.106, 142.250.180.138, 13.107.42.23, 13.107.5.88, 93.184.220.29, 20.82.210.154, 51.103.5.186, 8.248.141.254, 8.253.207.120, 8.248.143.254, 8.248.133.254, 8.238.85.254, 20.54.110.249, 40.112.88.60, 216.58.208.131, 216.58.209.35, 80.67.82.211, 80.67.82.235, 51.103.5.159, 20.50.102.62, 23.211.4.86, 74.125.100.103, 172.217.132.103 Excluded domains from analysis (whitelisted): cs9.wac.phicdn.net, r3---sn-5hneknee.gvt1.com, clientservices.googleapis.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, skypedataprdcoleus15.cloudapp.net, r2---sn-5hnekn7z.gvt1.com, ocsp.digicert.com, audownload.windowsupdate.nsatc.net, update.googleapis.com, watson.telemetry.microsoft.com, www.gstatic.com, r3.sn-5hneknee.gvt1.com, au-bg-shim.trafficmanager.net, afdo-tas-offload.trafficmanager.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, ris-prod.trafficmanager.net, lgincdnvzeuno.ec.azureedge.net, www.googleapis.com, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, lgincdn.trafficmanager.net, blobcollector.events.data.trafficmanager.net, r2.sn-5hnekn7z.gvt1.com, client-office365-tas.msedge.net, ocos-office365-s2s.msedge.net, config.edge.skype.com.trafficmanager.net, e-0009.e-msedge.net, config-edge-skype.l-0014.l-msedge.net, l-0014.config.skype.com, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, r3.sn-5hnekn76.gvt1.com, wns.notify.trafficmanager.net, redirector.gvt1.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, auto.au.download.windowsupdate.com.c.footprint.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, config.edge.skype.com, r2.sn-5hne6nsy.gvt1.com, client.wns.windows.com, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, lgincdnvzeuno.azureedge.net, ocos-office365-s2s-msedge-net.e-0009.e-msedge.net, r3---sn-5hnekn76.gvt1.com, l-0014.l-msedge.net, r2---sn-5hne6nsy.gvt1.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtSetInformationFile calls found. Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
239.255.255.250	ATT80307.HTM	Get hash	malicious	Browse
	2C.TA9.HTML	Get hash	malicious	Browse
	Project Proposal and Analysis.html	Get hash	malicious	Browse
	Dosusign_Na_Sign.htm	Get hash	malicious	Browse
	sbcss_Richard.DeNava_#inv0549387TWQYqzTPaYeqvaYMnpdIfJAwwzbguzauViQVRRplvOktNmAire.HTM	Get hash	malicious	Browse
	Fake.HTM	Get hash	malicious	Browse
	6dAzFehHE6.doc	Get hash	malicious	Browse
	vcufsCgeP2.doc	Get hash	malicious	Browse
	#Ud83d#Udda8rocket.com 7335931#Ufffd90-queue-1675.htm	Get hash	malicious	Browse
	ATT66004.HTM	Get hash	malicious	Browse
	0803_0212424605.doc	Get hash	malicious	Browse
	psconstruction.ca Attachment.htm	Get hash	malicious	Browse
	minha-conta-06082021.msi	Get hash	malicious	Browse
	BadFile.HTM	Get hash	malicious	Browse
	OneDrive-besked.htm	Get hash	malicious	Browse
	SARS_DOCUMENT - Copy.html	Get hash	malicious	Browse
	SARS_DOCUMENT - Copy.html	Get hash	malicious	Browse
	Xerox Scan_367136092111.html	Get hash	malicious	Browse
	_vm000_294943583.HtM	Get hash	malicious	Browse
	QIOyDcDypy.exe	Get hash	malicious	Browse
192.229.221.185	minha-conta-06082021.msi	Get hash	malicious	Browse
	minha-conta-06082021.msi	Get hash	malicious	Browse
	AUTORIZAR_ITEM3884795BR.msi	Get hash	malicious	Browse
	minha-conta-06082021.msi	Get hash	malicious	Browse
	minha-conta-06082021.msi	Get hash	malicious	Browse
	bl.51676685_61299322_95868579.pdf.msi	Get hash	malicious	Browse
	It.servicedesk-it.servicedesk@ovolohotels.com.html	Get hash	malicious	Browse
	$83,37857 Depsoit Payment.html	Get hash	malicious	Browse
	$83,37857 Depsoit Payment.html	Get hash	malicious	Browse
	VM 1min.htm	Get hash	malicious	Browse
	RemitSwiftxlsx.htm	Get hash	malicious	Browse
	virus2.msi	Get hash	malicious	Browse
	DCBR.msi	Get hash	malicious	Browse
	banload.msi	Get hash	malicious	Browse
	voice mail.html	Get hash	malicious	Browse
	New Working C0D377B99993939393939939.htm	Get hash	malicious	Browse
	RemitSwiftxlsx.htm	Get hash	malicious	Browse
	It.servicedesk_FAXit.servicedesk@ovolohotels.com.html	Get hash	malicious	Browse
	Globalfoundries#Scanned-thomas.caulfield.html	Get hash	malicious	Browse
	INV_289553.html	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
cs1227.wpc.alphacdn.net	minha-conta-06082021.msi	Get hash	malicious	Browse	192.229.221.185
	minha-conta-06082021.msi	Get hash	malicious	Browse	192.229.221.185
	AUTORIZAR_ITEM3884795BR.msi	Get hash	malicious	Browse	192.229.221.185
	minha-conta-06082021.msi	Get hash	malicious	Browse	192.229.221.185
	minha-conta-06082021.msi	Get hash	malicious	Browse	192.229.221.185
	bl.51676685_61299322_95868579.pdf.msi	Get hash	malicious	Browse	192.229.221.185
	It.servicedesk-it.servicedesk@ovolohotels.com.html	Get hash	malicious	Browse	192.229.221.185
	$83,37857 Depsoit Payment.html	Get hash	malicious	Browse	192.229.221.185
	$83,37857 Depsoit Payment.html	Get hash	malicious	Browse	192.229.221.185
	VM 1min.htm	Get hash	malicious	Browse	192.229.221.185
	RemitSwiftxlsx.htm	Get hash	malicious	Browse	192.229.221.185
	virus2.msi	Get hash	malicious	Browse	192.229.221.185
	DCBR.msi	Get hash	malicious	Browse	192.229.221.185
	banload.msi	Get hash	malicious	Browse	192.229.221.185
	voice mail.html	Get hash	malicious	Browse	192.229.221.185
	New Working C0D377B99993939393939939.htm	Get hash	malicious	Browse	192.229.221.185
	RemitSwiftxlsx.htm	Get hash	malicious	Browse	192.229.221.185
	It.servicedesk_FAXit.servicedesk@ovolohotels.com.html	Get hash	malicious	Browse	192.229.221.185
	Globalfoundries#Scanned-thomas.caulfield.html	Get hash	malicious	Browse	192.229.221.185
	INV_289553.html	Get hash	malicious	Browse	192.229.221.185
cs1100.wpc.omegacdn.net	#Ud83d#Udda8rocket.com 7335931#Ufffd90-queue-1675.htm	Get hash	malicious	Browse	152.199.23.37
	psconstruction.ca Attachment.htm	Get hash	malicious	Browse	152.199.23.37
	OneDrive-besked.htm	Get hash	malicious	Browse	152.199.23.37
	phish.html	Get hash	malicious	Browse	152.199.23.37
	Medius.html	Get hash	malicious	Browse	152.199.23.37
	Aging invoice.html	Get hash	malicious	Browse	152.199.23.37
	globalfoundries_MNT484_XEROStubs_XjJzNZsjSWLmtRAHrKczAOlwztYjTcVMspUZaJnMJERgMTdevl.HTML	Get hash	malicious	Browse	152.199.23.37
	It.servicedesk-it.servicedesk@ovolohotels.com.html	Get hash	malicious	Browse	152.199.23.37
	VM 1min.htm	Get hash	malicious	Browse	152.199.23.37
	Prosserhealth.html	Get hash	malicious	Browse	152.199.23.37
	Convert HEX uit phishing mail.htm	Get hash	malicious	Browse	152.199.23.37
	192-3216-Us.gt.com.html	Get hash	malicious	Browse	152.199.23.37
	voice mail.html	Get hash	malicious	Browse	152.199.23.37
	New Working C0D377B99993939393939939.htm	Get hash	malicious	Browse	152.199.23.37
	20210714_110346.html	Get hash	malicious	Browse	152.199.23.37
	qET1iJuly 16, 2021, 092847 AM.HTM	Get hash	malicious	Browse	152.199.23.37
	July 16, 2021, 092847 AM.HTM	Get hash	malicious	Browse	152.199.23.37
	It.servicedesk_FAXit.servicedesk@ovolohotels.com.html	Get hash	malicious	Browse	152.199.23.37
	Globalfoundries#Scanned-thomas.caulfield.html	Get hash	malicious	Browse	152.199.23.37
	Deepspacesystems Signed Waiver .html	Get hash	malicious	Browse	152.199.23.37

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
EDGECASTUS	ATT80307.HTM	Get hash	malicious	Browse	152.199.23.72
	Project Proposal and Analysis.html	Get hash	malicious	Browse	152.199.21.175
	Dosusign_Na_Sign.htm	Get hash	malicious	Browse	93.184.220.66
	Fake.HTM	Get hash	malicious	Browse	152.199.23.72
	minha-conta-06082021.msi	Get hash	malicious	Browse	192.229.221.185
	OneDrive-besked.htm	Get hash	malicious	Browse	152.199.23.37
	phish.html	Get hash	malicious	Browse	152.199.23.37
	HTM.html	Get hash	malicious	Browse	152.199.23.72
	minha-conta-06082021.msi	Get hash	malicious	Browse	192.229.221.185
	AUTORIZAR_ITEM3884795BR.msi	Get hash	malicious	Browse	152.199.21.175
	setup_x86_x64_install.exe	Get hash	malicious	Browse	93.184.221.240
	minha-conta-06082021.msi	Get hash	malicious	Browse	192.229.221.185
	minha-conta-06082021.msi	Get hash	malicious	Browse	152.199.21.175
	Medius.html	Get hash	malicious	Browse	152.199.23.37
	Aging invoice.html	Get hash	malicious	Browse	152.199.23.37
	LM6QUd7sMJ.exe	Get hash	malicious	Browse	93.184.220.29
	bl.51676685_61299322_95868579.pdf.msi	Get hash	malicious	Browse	152.199.21.175
	globalfoundries_MNT484_XEROStubs_XjJzNZsjSWLmtRAHrKczAOlwztYjTcVMspUZaJnMJERgMTdevl.HTML	Get hash	malicious	Browse	152.199.23.37
	It.servicedesk-it.servicedesk@ovolohotels.com.html	Get hash	malicious	Browse	152.199.23.37
	MIN56KgzBN.exe	Get hash	malicious	Browse	93.184.221.240
EDGECASTUS	ATT80307.HTM	Get hash	malicious	Browse	152.199.23.72
	Project Proposal and Analysis.html	Get hash	malicious	Browse	152.199.21.175
	Dosusign_Na_Sign.htm	Get hash	malicious	Browse	93.184.220.66
	Fake.HTM	Get hash	malicious	Browse	152.199.23.72
	minha-conta-06082021.msi	Get hash	malicious	Browse	192.229.221.185
	OneDrive-besked.htm	Get hash	malicious	Browse	152.199.23.37
	phish.html	Get hash	malicious	Browse	152.199.23.37
	HTM.html	Get hash	malicious	Browse	152.199.23.72
	minha-conta-06082021.msi	Get hash	malicious	Browse	192.229.221.185
	AUTORIZAR_ITEM3884795BR.msi	Get hash	malicious	Browse	152.199.21.175
	setup_x86_x64_install.exe	Get hash	malicious	Browse	93.184.221.240
	minha-conta-06082021.msi	Get hash	malicious	Browse	192.229.221.185
	minha-conta-06082021.msi	Get hash	malicious	Browse	152.199.21.175
	Medius.html	Get hash	malicious	Browse	152.199.23.37
	Aging invoice.html	Get hash	malicious	Browse	152.199.23.37
	LM6QUd7sMJ.exe	Get hash	malicious	Browse	93.184.220.29
	bl.51676685_61299322_95868579.pdf.msi	Get hash	malicious	Browse	152.199.21.175
	globalfoundries_MNT484_XEROStubs_XjJzNZsjSWLmtRAHrKczAOlwztYjTcVMspUZaJnMJERgMTdevl.HTML	Get hash	malicious	Browse	152.199.23.37
	It.servicedesk-it.servicedesk@ovolohotels.com.html	Get hash	malicious	Browse	152.199.23.37
	MIN56KgzBN.exe	Get hash	malicious	Browse	93.184.221.240

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
37f463bf4616ecd445d4a1937da06e19	ATT80307.HTM	Get hash	malicious	Browse	152.199.23.37
	Project Proposal and Analysis.html	Get hash	malicious	Browse	152.199.23.37
	Fake.HTM	Get hash	malicious	Browse	152.199.23.37
	Ban.exe	Get hash	malicious	Browse	152.199.23.37
	TpZ10Hfjov.exe	Get hash	malicious	Browse	152.199.23.37
	ATT66004.HTM	Get hash	malicious	Browse	152.199.23.37
	REQUEST FOR QUOTATION.exe	Get hash	malicious	Browse	152.199.23.37
	OneDrive-besked.htm	Get hash	malicious	Browse	152.199.23.37
	PdQwZoWgs2.ppt	Get hash	malicious	Browse	152.199.23.37
	Wyzntjzprmmvqdtdrthurezrzhdavabchs.exe	Get hash	malicious	Browse	152.199.23.37
	Wyzntjzprmmvqdtdrthurezrzhdavabchs.exe	Get hash	malicious	Browse	152.199.23.37
	1As0Ink4Td.exe	Get hash	malicious	Browse	152.199.23.37
	9HEOWXnwTj.exe	Get hash	malicious	Browse	152.199.23.37
	SzjLrAw2pL.exe	Get hash	malicious	Browse	152.199.23.37
	8dll.dll	Get hash	malicious	Browse	152.199.23.37
	8dll.exe	Get hash	malicious	Browse	152.199.23.37
	j4OPkAytMi.exe	Get hash	malicious	Browse	152.199.23.37
	Tzcyxxestkakhuvtmvfdserywturrfjrye.exe	Get hash	malicious	Browse	152.199.23.37
	Xerox Scan_367136092111.html	Get hash	malicious	Browse	152.199.23.37
	mal.docx	Get hash	malicious	Browse	152.199.23.37

Dropped Files

No context

Created / dropped Files

C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	451603
Entropy (8bit):	5.009711072558331
Encrypted:	false
SSDEEP:	12288:ZHfRTyGZ6lup8Cfrvq4JBPKh+FBlESBw4p6:NfOCzvRKhGvwJ
MD5:	A78AD14E77147E7DE3647E61964C0335
SHA1:	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45
SHA-256:	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
SHA-512:	DDE24D5AD50D68FC91E9E325D31E66EF8F624B6BB3A07D14FFED1104D3AB5F4EF1D7969A5CDE0DFBB19CB31C506F7DE97AF67C2F244F7E7E8E10648EA8321101
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	BDic.... ....6...."..Z..4g....6.2...{/...3...5....AF 1363.AF nm.AF pt.AF n1.AF p.AF tc.AF SM.AF M.AF S.AF MS.AF MNR.AF GDS.AF MNT.AF MH.AF MR.AF SZMR.AF MJ.AF MT.AF MY.AF MRZ.AF MN.AF MG.AF RM.AF N.AF MV.AF XM.AF DSM.AF SD.AF G.AF R.AF MNX.AF MRS.AF MD.AF MNRB.AF B.AF ZSMR.AF PM.AF SMNGJ.AF SMN.AF ZMR.AF SMGB.AF MZR.AF GM.AF SMR.AF SMDG.AF RMZ.AF ZM.AF MDG.AF MDT.AF SMNXT.AF SDY.AF LSDG.AF LGDS.AF GLDS.AF UY.AF U.AF DSGNX.AF GNDSX.AF DSG.AF Y.AF GS.AF IEMS.AF YP.AF ZGDRS.AF XGNVDS.AF UT.AF GNDS.AF GVDS.AF MYPS.AF XGNDS.AF TPRY.AF MDSG.AF ZGSDR.AF DYSG.AF PMYTNS.AF AGDS.AF DRZGS.AF PY.AF GSPMDY.AF EGVDS.AF SL.AF GNXDS.AF DSBG.AF IM.AF I.AF MDGS.AF SMY.AF DSGN.AF DSLG.AF GMDS.AF MDSBG.AF SGD.AF IY.AF P.AF DSMG.AF BLZGDRS.AF TR.AF AGSD.AF ZGBDRSL.AF PTRY.AF ASDGV.AF ASM.AF ICANGSD.AF ICAM.AF IKY.AF AMS.AF PMYTRS.AF BZGVDRS.AF SDRBZG.AF GVMDS.AF PSM.AF DGLS.AF GNVXDS.AF AGDSL.AF DGS.AF XDSGNV.AF BZGDRS.AF AM.AF AS.AF A.AF LDSG.AF AGVDS.AF SDG.AF LDSMG.AF EDSMG.AF EY.AF DRSMZG.AF PRYT.AF LZ

C:\Users\user\AppData\Local\Google\Chrome\User Data\17657ef8-3524-477b-8058-ce8dcaacb3bb.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	95428
Entropy (8bit):	3.7500794576353353
Encrypted:	false
SSDEEP:	384:1fCBRPkGn0HnVgmNMN1rmv5D3a9TWH3SGGprE3dZxazb3ar4RmwES0TddtqOX3dr:F6+J9i/oGge7VrvQnLGnK5XlRJ
MD5:	7BD4A047F91C52FB1C2319F9A44D0A95
SHA1:	15E12B62A90432D406C3740F7C24E55B46394815
SHA-256:	8D6C53E49404697F271E3D3A2B07E718586AEB237561364E28EF779479BC9FC1
SHA-512:	0DC51D47299C58968EAE05C0A7F09994614F335474BB038937FF9478C63E85A0A726F016D03C4B5D7D486CD31ADF2A9C097AD76EF5B8865CDF6D813BC33446C5
Malicious:	false
Reputation:	low
Preview:	.t.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....A8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\33feee14-a457-4f6e-a9d1-c626306ef171.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	369126
Entropy (8bit):	6.028330855257165
Encrypted:	false
SSDEEP:	6144:7xaV+QfT7GSmhsG0OP1eVxR+v+F7EFpfY4XB3iE7ZPXYGzLxinJF:7w/asGNPUZ+w7wJHyEtAWy
MD5:	18440D47AA55AC762C990F2DBA3C732F
SHA1:	AADCB7F9F42C29512FC0F439E3C49678592BD116
SHA-256:	A500AE63672F5002805223B0DA3E53331849FCA292780B2A5721600FC0E76CA1
SHA-512:	30BC5208EE88B792143B1798B15588E5DADE0B9618493E29C40A26B5EF857130D038B03B06922FB719463AAF96BBF90DE0C9E3D46D4DD9B78BA6854E0CD6B7DB
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.628053884148547e+12,"network":1.628021486e+12,"ticks":6279237729.0,"uncertainty":4436092.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACMBYze0bKMTIhZGR/AW4M5AAAAAAIAAAAAABBmAAAAAQAAIAAAACoSPhbyumSaNjLuAHEna2OUDn+rpXOk+H/ONjHe5ZwbAAAAAA6AAAAAAgAAIAAAADezR1ii2QiPYGPz0Jd0ZQiE5jKOKMttbbwwADHJYDpEMAAAACuIP4EJtfud3aEFZzvijkFSTP1RNwcy8fFg19xXfiV1Q9wriZb5iS+jYbOXKVX44kAAAAByJv8rXU2wt9ZoSemiGl7Rv1MeHwgrJRvbYcUfMpjLAz2bh77nWHOppVpZzR2K2uw89vs6aWrPXuiWeIEQQvEM"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245952488274817"},"plugins":{"metadata":{"adobe-flash-player":{"dis

C:\Users\user\AppData\Local\Google\Chrome\User Data\734ebadf-1d3e-41cd-b527-1d6fe6c04b58.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	369033
Entropy (8bit):	6.028153950380749
Encrypted:	false
SSDEEP:	6144:+xaV+QfT7GSmhsG0OP1eVxR+v+F7EFpfY4XB3iE7ZPXYGzLxinJF:+w/asGNPUZ+w7wJHyEtAWy
MD5:	CC8D2412F80DFB88A1B97E2B2E3D10A7
SHA1:	9531F87ACA8FE563FBB7706BF94404F04945D7E8
SHA-256:	A93378AB96A2E03A4DEA0201D6A4E9966187A6E6A501BED9AC01DA63539F8C43
SHA-512:	BC4C96AE9769E6BE5346A2C68EEFA1E52B13AF545FD30747073A821B9804FBACF1F6343B3FCD2816D7EF341D68E610F744AFACFDEF7FBD444AD9C043450F3EBB
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.628053884148547e+12,"network":1.628021486e+12,"ticks":6279237729.0,"uncertainty":4436092.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACMBYze0bKMTIhZGR/AW4M5AAAAAAIAAAAAABBmAAAAAQAAIAAAACoSPhbyumSaNjLuAHEna2OUDn+rpXOk+H/ONjHe5ZwbAAAAAA6AAAAAAgAAIAAAADezR1ii2QiPYGPz0Jd0ZQiE5jKOKMttbbwwADHJYDpEMAAAACuIP4EJtfud3aEFZzvijkFSTP1RNwcy8fFg19xXfiV1Q9wriZb5iS+jYbOXKVX44kAAAAByJv8rXU2wt9ZoSemiGl7Rv1MeHwgrJRvbYcUfMpjLAz2bh77nWHOppVpZzR2K2uw89vs6aWrPXuiWeIEQQvEM"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245952488274817"},"plugins":{"metadata":{"adobe-flash-player":{"dis

C:\Users\user\AppData\Local\Google\Chrome\User Data\7453b005-84bf-44ca-adea-8a3c547ad11f.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	377500
Entropy (8bit):	6.049292223944141
Encrypted:	false
SSDEEP:	6144:4xaV+QfT7GSmhsG0OP1eVxR+v+F7EFpfY4XB3iE7ZPXYGzLxinJF:4w/asGNPUZ+w7wJHyEtAWy
MD5:	16D4E2CB1D53A6C03B2237357B9C8002
SHA1:	A38D4AB8FCF396BCED124AED828FE2B24F9B652D
SHA-256:	E9F8F8AD65CC6ED8FF02CFC8077ED295DDE6053CC3496CBD099B76652641DF2E
SHA-512:	65DAF254C9DA636BB3F9F1C14066BC259227DA38ACCFCBCB7BE46961006F0C54953F64B2821904444A205727C6128520774AADCEFD5DD95AF47B0D865AF778D7
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.628053884148547e+12,"network":1.628021486e+12,"ticks":6279237729.0,"uncertainty":4436092.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAACMBYze0bKMTIhZGR/AW4M5AAAAAAIAAAAAABBmAAAAAQAAIAAAACoSPhbyumSaNjLuAHEna2OUDn+rpXOk+H/ONjHe5ZwbAAAAAA6AAAAAAgAAIAAAADezR1ii2QiPYGPz0Jd0ZQiE5jKOKMttbbwwADHJYDpEMAAAACuIP4EJtfud3aEFZzvijkFSTP1RNwcy8fFg19xXfiV1Q9wriZb5iS+jYbOXKVX44kAAAAByJv8rXU2wt9ZoSemiGl7Rv1MeHwgrJRvbYcUfMpjLAz2bh77nWHOppVpZzR2K2uw89vs6aWrPXuiWeIEQQvEM"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245952488007586"},"plugins":{"metadata":{"adobe-flash-player":{"dis

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.3041625260016576
Encrypted:	false
SSDEEP:	3:FkXEwozZHGftEwozZHGftEwozZHn:+EwozZHGVEwozZHGVEwozZHn
MD5:	4829695F153A750ADF50C6E979E8E8F3
SHA1:	2F697EF207460D03671E4B59670BC73328D60D6E
SHA-256:	1AACF1304FD42C84FF41DDD2F2252E5C0EDE7362352661B7957648F2EA4C2683
SHA-512:	6D16A6EF4BB20B25B1B14757C475E9F8C3A40D6181F718D563A628BA41DA9426E1B586C472D4F8729FD65FCA014151B7D46FBFAAE171BFF9A6D937DB7A7A2CC2
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	sdPC.......................y3..M.Y.NbD.sdPC.......................y3..M.Y.NbD.sdPC.......................y3..M.Y.NbD.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\04e6ce28-f6ed-4598-8c57-bf90678b63df.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	2374
Entropy (8bit):	4.888884611800615
Encrypted:	false
SSDEEP:	48:YALteBdpNntwTCXDHzMXOcslTsiRLsNKSPsIyKsD3zsAMHSYhbG:2lNnOTCXDHzMXOJzdA2dG3hS
MD5:	33CFEA017929762D131E375562EF5D08
SHA1:	C096F7AA4D6EA4FB82682E8064B71F1486E059A2
SHA-256:	A77715CFC14053A3FF2F562174AFC687D9B285D2FD1AC2AFCC571DE38FE8C53A
SHA-512:	5D9E2EFA48776A400D60C82B6C0E96A911427594AA0D5804689970F1697AEC27D81193182EA61EED314B0C04844A7633C966B531A6038CE4A3607986CA10FA50
Malicious:	false
Reputation:	low
Preview:	{"net":{"http_server_properties":{"broken_alternative_services":[{"broken_count":1,"host":"www.google.com","isolation":[],"port":443,"protocol_str":"quic"},{"broken_count":1,"host":"accounts.google.com","isolation":[],"port":443,"protocol_str":"quic"}],"servers":[{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"isolation":[],"server":"https://logincdn.msauth.net","supports_spdy":true},{"isolation":[],"server":"https://aadcdn.msftauth.net","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"1327511948

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\10d0a43a-cd97-49a8-b2c8-b89df3a900a4.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2825
Entropy (8bit):	4.86435102445835
Encrypted:	false
SSDEEP:	48:YALtdpBeMsNMHK5sJDysACs37sHWsd5/sSYMHCKs/MHCzsSOMHwsSJtFsX3RLs9D:HQxGKWDS1i/5vYGmGqOGKJ03QshS
MD5:	95488A82D5073BDAAFC1480073FF801F
SHA1:	E2E979B6D4A3EE16A815115C414D0A98E1DFA93F
SHA-256:	C091AE68AFCD5EC632B2C324B983D70F722463CB4D05A3CE8D52E07AA7E5A5D6
SHA-512:	D536466352320C5D394130A59B605617580050CDF325C4B3392D87D384C246E9D8C54FC16A247FF4B379F162536304E0D312D7781FFE245C643C5081B8BE08CD
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	{"net":{"http_server_properties":{"broken_alternative_services":[{"broken_count":1,"host":"accounts.google.com","isolation":[],"port":443,"protocol_str":"quic"},{"broken_count":1,"host":"www.google.com","isolation":[],"port":443,"protocol_str":"quic"}],"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248544952675493","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":32613},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248544952813644","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248544952748754","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248544952634896","port":443,"protocol_str":"quic"}],"isolation":[],"server"

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\20e94b6e-a942-45be-8496-1a98d41b8221.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22595
Entropy (8bit):	5.536291180951369
Encrypted:	false
SSDEEP:	384:nLAtYLl1+Xc1kXqKf/pUZNCgVLH2HfDYrU2HGunTc1jeE/4LX:FLlqc1kXqKf/pUZNCgVLH2HfMrUWGunp
MD5:	423EA499606FD56E479401BB98E20D29
SHA1:	948680898BF179E5970B867F5054B9D9AEB65084
SHA-256:	50E2A1C2C55EBABC21E3218DF690A73E03BE6301AA47372A836AEA3A41345114
SHA-512:	52A8A53B9DA5EFE9A9E5F78B6DE8DCE54F1DB847A22B767D1117C8D4B097AA9095B5915E35251949212D4F4A7D3B7019D7B4FC7E1C926E35570E6C77069396A7
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13272527481250780","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2673d304-6ffd-42b2-9d87-afdabee5f775.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	16745
Entropy (8bit):	5.577685019903162
Encrypted:	false
SSDEEP:	384:nLAtpLl1+Xc1kXqKf/pUZNCgVLH2HfDYrUe1jQE/42:uLlqc1kXqKf/pUZNCgVLH2HfMrUeFQE9
MD5:	0B81E99FDFA02DFF1EAC1F1A617C59A8
SHA1:	3BEB3138A5FC5FDAA50C801EF5C8322885B872B6
SHA-256:	CB062907F689AD7C78077021BF65B18BD9FD90423EFE366C1CBFE6535C7036B9
SHA-512:	B564B211DF5751814408EF6F0A6E8D52A8E4DB642E49D5D3E0AC84EC99594EA1FB14728EC267B73DAB84B8B301D5797ABC7FF4579F7430EA51B6E1E69D1E97CA
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13272527481250780","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\30bef9e3-2b9d-4643-a9cf-22cc6cdcafd9.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5496
Entropy (8bit):	5.175595425494836
Encrypted:	false
SSDEEP:	96:nj4XbGqV9KTGSOLaAKIHP8xk0JCKL8robOTQVuwn:nj4XbF9KpOL9hs4Ksa
MD5:	C41593D95383AF2A8CCE0F4E28B3F218
SHA1:	B088B5D947C41C4D14EBFFBB2F31D0A7608824EC
SHA-256:	5A4CB5CEFA26B2BCE83D56A1712F45FB5C56CE92C9A6D7E58ECE75378EBAB786
SHA-512:	C427A3AC4EFA2CF05294ADD635BEAC3A4650D18F42F9F006669C755A29E93CF03DFD90D1CB2F8F43CD2BB0450AD4108EB20B27F51263F9EA7C5E725965F241FE
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272527481481332","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245952891998324","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245952963463509","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1501624"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\541acbd7-4f93-4596-8bbc-4aa36403d67a.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22596
Entropy (8bit):	5.536321923352899
Encrypted:	false
SSDEEP:	384:nLAtYLl1+Xc1kXqKf/pUZNCgVLH2HfDYrU2HGtnTc1jIE/4LY:FLlqc1kXqKf/pUZNCgVLH2HfMrUWGtng
MD5:	C3DCB302EF7DDB8969844ECD6CCC452F
SHA1:	A049F764A0E716322C6AE9B9CF4BAE2BF686A3DD
SHA-256:	52C2986438CACC37A3BFB1155887FD432882F9A961D00462ABA61AFD0C0EC4D1
SHA-512:	F54CAAC4156DAEECB406C311896072BCF9E0CD17107271C816CE437F70E88ED2A6CC7BC667AE0ADD98F870321587B61E6E2BA6175E72A914E1FA7C83B65C2C4C
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13272527481250780","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\58c03935-d0f1-41b4-9372-6366d27fa3fc.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5522
Entropy (8bit):	5.178506809926403
Encrypted:	false
SSDEEP:	96:nj4XbGTV9KTGSOLaAKIHP8xk0JCKL8r+bOTQVuwn:nj4Xbe9KpOL9hs4Kss
MD5:	41257B690C225E26C1D66A5C9863EFA7
SHA1:	4067BB912203E515C9DD8FF5169D6F6D02198BD0
SHA-256:	8A7BE79119FBE192BE92CAE96AB7BF7EA8C823CFF58476FC5A195E017E015D97
SHA-512:	71AEE8B338DEE6C81081B3E3AA5A65485D546588573649F6130BCD3F62018BAEE7B4A89D513480DD18DB8B52769DFB080FCB394BE317355E5A5202E98A6885F6
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272527481481332","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245952891998324","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245952963463509","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1501624"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6c0ef1f2-f4e1-4bbb-8e99-ba35a4b168be.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	5522
Entropy (8bit):	5.178506809926403
Encrypted:	false
SSDEEP:	96:nj4XbGTV9KTGSOLaAKIHP8xk0JCKL8r+bOTQVuwn:nj4Xbe9KpOL9hs4Kss
MD5:	41257B690C225E26C1D66A5C9863EFA7
SHA1:	4067BB912203E515C9DD8FF5169D6F6D02198BD0
SHA-256:	8A7BE79119FBE192BE92CAE96AB7BF7EA8C823CFF58476FC5A195E017E015D97
SHA-512:	71AEE8B338DEE6C81081B3E3AA5A65485D546588573649F6130BCD3F62018BAEE7B4A89D513480DD18DB8B52769DFB080FCB394BE317355E5A5202E98A6885F6
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272527481481332","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245952891998324","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245952963463509","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1501624"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6c1cb964-a49f-481f-9186-6ed757f85aa4.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	4900
Entropy (8bit):	4.947515494737214
Encrypted:	false
SSDEEP:	96:nj4XbGHqm9paAKIHP8xk0JCKL8robOTQVuwn:nj4Xbjm9p9hs4Ksa
MD5:	B629CA54AD5C073ADAC9B71A7DC5B8AF
SHA1:	C48B6ADBEE59F05985A426FCF17F0DAB75350141
SHA-256:	0FFCC6A6F085EE81C2BE01E5041F173D0826ACEF26AD8F424225F56D7505F5ED
SHA-512:	8B5F5CEE3D5BFFA6E614EBB12DAFFA2C1A2B7D93AABD3258DB3679099E930848BC4B92A29B3453C6100EB3A3012411715C9A796C2F5BD3C04DE7B83A50E99F93
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272527481481332","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245952891998324","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245952963463509","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1501624"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\765b02ac-8169-4d89-9e46-e1ce8780be43.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	874
Entropy (8bit):	5.555589712313329
Encrypted:	false
SSDEEP:	12:YmZ6Hk3O+UAnIvcJeJrNgmh4r+UAnIEJScNnYj+UAnIEORD2R7N+UAnIJImVWFKg:Yc6H0Uhc4G1KUe4aUe0i7wUrz3RUeHQ
MD5:	CE17A082965B9FC15643C0BA510EA367
SHA1:	E669C28427B9811E027C2A17E0F2B9098809C959
SHA-256:	FB59C6C5622931FF3B429E07E32725550F155EE855541F6DA82B6656339DBDE1
SHA-512:	1D74088BC8A4A34815F1493785D0B4DE3CDF8D138789456D67F5EDB725AEA00B4A9443044B1D3949764B33E63D70F385FD4754369CE94ED1124F1E3F14135898
Malicious:	false
Preview:	{"expect_ct":[],"sts":[{"expiry":1633015352.675531,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601479352.675536},{"expiry":1633015352.520557,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601479352.52056},{"expiry":1633015352.455722,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601479352.455726},{"expiry":1659589884.611829,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1628053884.611833},{"expiry":1633015352.814139,"host":"+ccWXqaoHJ9hfuXbleKV6FQUrBlyXAJ31BdqjNQJpHs=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601479352.814142}],"version":2}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\77533d7b-491c-4f63-ab84-d2c324631196.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\78155801-e1d5-4de7-a9d3-ba1ff80582bd.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5522
Entropy (8bit):	5.178506809926403
Encrypted:	false
SSDEEP:	96:nj4XbGTV9KTGSOLaAKIHP8xk0JCKL8r+bOTQVuwn:nj4Xbe9KpOL9hs4Kss
MD5:	41257B690C225E26C1D66A5C9863EFA7
SHA1:	4067BB912203E515C9DD8FF5169D6F6D02198BD0
SHA-256:	8A7BE79119FBE192BE92CAE96AB7BF7EA8C823CFF58476FC5A195E017E015D97
SHA-512:	71AEE8B338DEE6C81081B3E3AA5A65485D546588573649F6130BCD3F62018BAEE7B4A89D513480DD18DB8B52769DFB080FCB394BE317355E5A5202E98A6885F6
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272527481481332","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245952891998324","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245952963463509","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1501624"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\975885b4-0746-48c2-9728-74806aa7ce0c.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5522
Entropy (8bit):	5.178506809926403
Encrypted:	false
SSDEEP:	96:nj4XbGTV9KTGSOLaAKIHP8xk0JCKL8r+bOTQVuwn:nj4Xbe9KpOL9hs4Kss
MD5:	41257B690C225E26C1D66A5C9863EFA7
SHA1:	4067BB912203E515C9DD8FF5169D6F6D02198BD0
SHA-256:	8A7BE79119FBE192BE92CAE96AB7BF7EA8C823CFF58476FC5A195E017E015D97
SHA-512:	71AEE8B338DEE6C81081B3E3AA5A65485D546588573649F6130BCD3F62018BAEE7B4A89D513480DD18DB8B52769DFB080FCB394BE317355E5A5202E98A6885F6
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272527481481332","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245952891998324","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245952963463509","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1501624"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	340
Entropy (8bit):	5.2064455610970715
Encrypted:	false
SSDEEP:	6:mhrBYVq2PN723iKKdK9RXXTZIFUtpiEgZmwPiEIkwON723iKKdK9RXX5LJ:fVvVa5Kk7XT2FUtpRg/PRI5Oa5Kk7XVJ
MD5:	F05A71F74057B16DD8D36294BB1E3CA4
SHA1:	130CE1B85A944D039C9A5E44726E10AF47BAAA2E
SHA-256:	FBC10594027801E3EEC786C4D2671E3CBC388544BD712DFDF2FBC81479256BDB
SHA-512:	CF1A077146F0EC2FB7E3C970F03DD2CC148C88DA0D7A502546ABE6E824E2FF0B14E916BB33BBE7ECC4EB359560D30A1E241CC2E92EADD66765ADC7E4917257FC
Malicious:	false
Preview:	2021/08/03-22:11:39.757 1bd0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/08/03-22:11:39.759 1bd0 Recovering log #3.2021/08/03-22:11:39.759 1bd0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	340
Entropy (8bit):	5.2064455610970715
Encrypted:	false
SSDEEP:	6:mhrBYVq2PN723iKKdK9RXXTZIFUtpiEgZmwPiEIkwON723iKKdK9RXX5LJ:fVvVa5Kk7XT2FUtpRg/PRI5Oa5Kk7XVJ
MD5:	F05A71F74057B16DD8D36294BB1E3CA4
SHA1:	130CE1B85A944D039C9A5E44726E10AF47BAAA2E
SHA-256:	FBC10594027801E3EEC786C4D2671E3CBC388544BD712DFDF2FBC81479256BDB
SHA-512:	CF1A077146F0EC2FB7E3C970F03DD2CC148C88DA0D7A502546ABE6E824E2FF0B14E916BB33BBE7ECC4EB359560D30A1E241CC2E92EADD66765ADC7E4917257FC
Malicious:	false
Preview:	2021/08/03-22:11:39.757 1bd0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/08/03-22:11:39.759 1bd0 Recovering log #3.2021/08/03-22:11:39.759 1bd0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.187078301949929
Encrypted:	false
SSDEEP:	6:mhRdVq2PN723iKKdKyDZIFUtpiWVSgZmwPidBYIkwON723iKKdKyJLJ:mdVvVa5Kk02FUtp9Sg/PCuI5Oa5KkWJ
MD5:	81E316EAA980D9AE9F00F053E9B2B76C
SHA1:	B7AE543A60CBCFA86555BDAC4E70FFC32BC411FE
SHA-256:	25724D269774597FAAC53E3F9C039DE5BCB5487F811E7885EAF14C94DD3BCF6E
SHA-512:	85FC591A2D77D76893DB2BDBB55FB53690849A9BB9D98E3C53993982F2C781A24F9041A4B2FBC1E688852138A76950486BA3FC70E7648DAB034DFB9E7A0316A6
Malicious:	false
Preview:	2021/08/03-22:11:39.749 1bd0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/08/03-22:11:39.750 1bd0 Recovering log #3.2021/08/03-22:11:39.751 1bd0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.oldG (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	324
Entropy (8bit):	5.187078301949929
Encrypted:	false
SSDEEP:	6:mhRdVq2PN723iKKdKyDZIFUtpiWVSgZmwPidBYIkwON723iKKdKyJLJ:mdVvVa5Kk02FUtp9Sg/PCuI5Oa5KkWJ
MD5:	81E316EAA980D9AE9F00F053E9B2B76C
SHA1:	B7AE543A60CBCFA86555BDAC4E70FFC32BC411FE
SHA-256:	25724D269774597FAAC53E3F9C039DE5BCB5487F811E7885EAF14C94DD3BCF6E
SHA-512:	85FC591A2D77D76893DB2BDBB55FB53690849A9BB9D98E3C53993982F2C781A24F9041A4B2FBC1E688852138A76950486BA3FC70E7648DAB034DFB9E7A0316A6
Malicious:	false
Preview:	2021/08/03-22:11:39.749 1bd0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/08/03-22:11:39.750 1bd0 Recovering log #3.2021/08/03-22:11:39.751 1bd0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.6863571317626186
Encrypted:	false
SSDEEP:	12:TLyen4ufFdbXGwcFOaOndOtJRbGMNmt2SH/+eVpUHFxOUwae6:TLyqJLbXaFpEO5bNmISHn06Uwd
MD5:	1C0EAEEE6463CAE33B7A7CD9D9DF4DA5
SHA1:	FBC6A28A1501E40154FDC0A9D0C2F34A5F88AA65
SHA-256:	ED8AE7C5E6885874A39F4E86258F552670352A18D29BE1FF4D372A2F4CD06C8A
SHA-512:	355D19828609971998B09B36E7C7D304B7FB88C7A726670BEBF5CF2E2710F8E71B0F9DEF6FE9712B484C1EB122AEEEFDECF31D13E02C4539C399DFB86EC7619F
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	12836
Entropy (8bit):	0.9650181108430723
Encrypted:	false
SSDEEP:	24:XpIvJn2QOYiUG3PaVrFqLbJLbXaFpEO5bNmISHn06UwDt8:XpIvZXC/aLq5LLOpEO5J/Kn7UC8
MD5:	760D7A8E5102E08B85772CA74446C531
SHA1:	47EE12656F64BE55CF9C1507CC5CE5FCDE506AEE
SHA-256:	1BAED763B70ECF2C1831BB433AECC1CE8081189F44F84EE156BE496A8A34C495
SHA-512:	805AB8AE7930CB364547DE72D1F1EA7CB7EDCB1E958B7F32015D395055781559262ED8D53440DE6C7D8694B35ED33E67F75C95472CE8212636A4563AF70B935A
Malicious:	false
Preview:	..............6.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	1449
Entropy (8bit):	3.557234664480235
Encrypted:	false
SSDEEP:	24:34S6fRxlrlo6+UtoWNNu/+qiqZUtoWNGtlLlLlLlrlLlLlLlrlLlLlL:34NfJxo6+OQ/+qOGXRRRxRRRxRRL
MD5:	D960FEB16A5AA3FF949DE8FB94F2D0E9
SHA1:	5E1B3FE411A26CB7B7610EA9246A2A7583E3E510
SHA-256:	F56116C0893F28D066AC29C93C9B5DBCB67F2C8FCEEE5AB2A0713F9702233961
SHA-512:	119E6ADE2F7EE4227BF142A3DF8355E79208DEB615CB2EFB83B2A8A4CA20EFC4705B66F330AF2CE1D7E2860AD6B8BA2CA8616A8CE7899765E64728F8609E6B95
Malicious:	false
Preview:	SNSS....................................................!.............................................1..,.......$...e470974b_276b_47c3_b204_20161ce8a39c.......................@.v................................................................................5..0.......&...{68ADBCFB-ED3C-4AA1-B80C-ADD502B6FA85}............................S...file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm.....................................................h.......`........................................................S.....S....P.......h...................................S...f.i.l.e.:./././.C.:./.U.s.e.r.s./.e.n.g.i.n.e.e.r./.D.e.s.k.t.o.p./.H.S.B.C._.P.a.y.m.e.n.t._.s.l.i.p._.f.o.r.%.2.0.O.u.t.s.t.a.n.d.i.n.g.%.2.0.0.0.1.0.0.5.l...h.t.m...................................8.......0.......8....................................................................... .......................................................S...file:///C:/Users/user/Desktop/HSBC_Payme

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	1.8112781244591325
Encrypted:	false
SSDEEP:	3:3Dtn:3h
MD5:	0686D6159557E1162D04C44240103333
SHA1:	053E9DB58E20A67D1E158E407094359BF61D0639
SHA-256:	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
SHA-512:	884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
Malicious:	false
Preview:	SNSS....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	164
Entropy (8bit):	4.391736045892206
Encrypted:	false
SSDEEP:	3:FQxlXayz/t2Hmwg0EOZL7Ao4uhFkEuRLKyC5Ei5+Gg:qT5z/t2qoEwhXeLKB
MD5:	0A906A9A542CDF08FF50DAAF1D1E596E
SHA1:	B97D6274196F40874A368C265799F5FA78C52893
SHA-256:	EB9CABBF5FDA1AD535300B0110EAA4068A083248BA928A631C9278545935426D
SHA-512:	8795E905B711ADE6B1C4B402D50AF491B64D157AA738669482DDBFC30E857DF970BFFB774A925F3F4A0802BD27AFAF939CE140894FF09B67FB9C0BB83ED4491A
Malicious:	false
Preview:	.f.5................i.Wd...............Sgdaefkejpgkiemlaofpalmlakkmbjdnl.declarative_rules.declarativeContent.onPageChanged.[]..F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	323
Entropy (8bit):	5.137893749491542
Encrypted:	false
SSDEEP:	6:mJKVOq2PN723iKKdK8aPrqIFUtpY/ZZmwPYKnkwON723iKKdK8amLJ:RVOvVa5KkL3FUtps/PDn5Oa5KkQJ
MD5:	398E40CA5651ED26EAD50C13DFD87D77
SHA1:	D98AFAC3FC7F0003EE7AD12A61E580BDAB5D21F3
SHA-256:	EAF123CC4F5B4A1DFD2D80A795CFB1291CB7B3566FFB927C94197F9D92251DEA
SHA-512:	60A5CC27A5F6F612494B404CF2F489FF3C05165DBFDDD3A92D8AE59D63881E8AC2F62DF9BF020FEDA2381A62246801F219CC3D510403162A3A695C394A704581
Malicious:	false
Preview:	2021/08/03-22:11:21.773 c60 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/08/03-22:11:21.774 c60 Recovering log #3.2021/08/03-22:11:21.780 c60 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old. (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	323
Entropy (8bit):	5.137893749491542
Encrypted:	false
SSDEEP:	6:mJKVOq2PN723iKKdK8aPrqIFUtpY/ZZmwPYKnkwON723iKKdK8amLJ:RVOvVa5KkL3FUtps/PDn5Oa5KkQJ
MD5:	398E40CA5651ED26EAD50C13DFD87D77
SHA1:	D98AFAC3FC7F0003EE7AD12A61E580BDAB5D21F3
SHA-256:	EAF123CC4F5B4A1DFD2D80A795CFB1291CB7B3566FFB927C94197F9D92251DEA
SHA-512:	60A5CC27A5F6F612494B404CF2F489FF3C05165DBFDDD3A92D8AE59D63881E8AC2F62DF9BF020FEDA2381A62246801F219CC3D510403162A3A695C394A704581
Malicious:	false
Preview:	2021/08/03-22:11:21.773 c60 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/08/03-22:11:21.774 c60 Recovering log #3.2021/08/03-22:11:21.780 c60 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	570
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
MD5:	D4BA0AE0BB0B9FAFF3DA6F35FDBC3C8A
SHA1:	FB3E9DEC7F35A9B1D94E54A5659DD0DE484055E7
SHA-256:	99DEF1B557F19F04C1AFFC6F247D0451F33FC10EC42E73792223C3215AC98BE6
SHA-512:	86FD07C34B9ABD4C52BA19EAE291936F92BC6D38A75C021EDC1DEDBC15617669876180CD99F959C62476D82EC6BB9F5FE4C6CB4D82CB037EFB76D99A4D3D9C51
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.168087764125663
Encrypted:	false
SSDEEP:	6:mJwzpyq2PN723iKKdK8NIFUtpYnR11ZmwPY6lRkwON723iKKdK8+eLJ:RyvVa5KkpFUtpC/PFlR5Oa5KkqJ
MD5:	CB4AF758D0B82F8F6433B1529370E4C4
SHA1:	79E4AFE64EC9761733611909D7367051E3948C3F
SHA-256:	E0A7B136C292FB79567A9C11F85EC61DDECAC0F7E31F7450149EE1E15313DCF4
SHA-512:	102DB2668B62D8CE4325A0033D6829828BC63F79A935CCC2A56708A3761E7069C33417B2EBEF55094594D385B0F327D1FF3D4A3F9FDAE69BB6B80EA80079594E
Malicious:	false
Preview:	2021/08/03-22:11:23.646 1294 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/08/03-22:11:23.647 1294 Recovering log #3.2021/08/03-22:11:23.648 1294 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old. (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.168087764125663
Encrypted:	false
SSDEEP:	6:mJwzpyq2PN723iKKdK8NIFUtpYnR11ZmwPY6lRkwON723iKKdK8+eLJ:RyvVa5KkpFUtpC/PFlR5Oa5KkqJ
MD5:	CB4AF758D0B82F8F6433B1529370E4C4
SHA1:	79E4AFE64EC9761733611909D7367051E3948C3F
SHA-256:	E0A7B136C292FB79567A9C11F85EC61DDECAC0F7E31F7450149EE1E15313DCF4
SHA-512:	102DB2668B62D8CE4325A0033D6829828BC63F79A935CCC2A56708A3761E7069C33417B2EBEF55094594D385B0F327D1FF3D4A3F9FDAE69BB6B80EA80079594E
Malicious:	false
Preview:	2021/08/03-22:11:23.646 1294 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/08/03-22:11:23.647 1294 Recovering log #3.2021/08/03-22:11:23.648 1294 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	11217
Entropy (8bit):	6.069602775336632
Encrypted:	false
SSDEEP:	192:GbylJnlTwGB7V9Hne4qasKxXItmLG48gcLg/PkI:Gb+nldByaFx4toj8VEPT
MD5:	90F880064A42B29CCFF51FE5425BF1A3
SHA1:	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF
SHA-256:	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
SHA-512:	D9CBFCD865356F19A57954F8FD952CAF3D31B354112766C41892D1EF40BD2533682D4EC3F4DA0E59A5397364F67A484B45091BA94E6C69ED18AB681403DFD3F3
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["A+1PYW3V6CJbBuQ7aqrgYhyH3bT8PKyBXp3hN2slpI0=","WSOpQRkYTHjPSlG9Zif2a7TNhy43NDcG1Zg5Nv0UbH0=","jDctR8ImG5KZrQKm4kDjUB7FokSJfjo/pmvFowRVlaY=","LPxhhJiuU0lprt0T6flpS7TkaDg7MocrbmzO65xH6RI=","nZ9zLb2By96AkKXALRM+C0Eu11XUjPiMXEKjiCPdtHE=","wifibc1QfMBN2jrtUtLgsCefvuceTpAatmLvul11RJA=","dHjWlSIIdjj7MWqg3T8MG58RuuqRXk32vqi/13JqEgA=","zd3DV7dbvfNvx1hdhU01fW5ily52DLN0CFL/ADaEeTI=","DpjXcO85FFFY9KJFPkGNfFUtdQIOsGwO5jUckiUwY14=","gqid6l1+mk/6yWgUECRofI9lMipXgXh2jEN2+CxmPE0=","prDB91X2Mmfg/M/txVMITWBmEGbOGjqBTP7CMjYqdHs=","yLPAqV4gqoyS/zFkEt3Cn2j0q2v9QOSthVFfWn8EzCM=","EPQ3jzdrLkAHyvf3920B5Y3aAkO1IJdn/UtbnAmq6T0=","+oOc6ca+ChKUpTu+oa2ZRxRE+wG3QJmuYWEvYCs40NI=","3mBGNAiRlTANEQkqzU3TEi+5wJ0ubR5uwtS4/9OOM7w=","1A9NNawxuhu95H5eThvf1rewJ4QQWhhPNxJXO1C/n68=","E3vWLQxzmj+e5QxYbUscllJ5n0ITpw5JBHV1Kph3/KM=","i3I8ghdTF9c1ZXNBZmvsID+DV4gxBVN27rj9wsMtRpg=","R8B8qYabnMSlLPhrtu0hGYrHn3llsMHqBbi70gkIjEE=","rhlzuEvv2KRAFMms896xFwkNgPrw6WvmgPn6xrBSa2Y=","LAMXv6sRb0VZrY34aVXF3Fftxs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	23474
Entropy (8bit):	6.059847580419268
Encrypted:	false
SSDEEP:	384:7dNc1NC6IcafusK4H1IIGRlhKlkIALQWdynQh2RX4K6M1tVztzr7XSNyzH:7dOscSRKc1nGRSkIhEw6M1tf7SNyb
MD5:	6AE2135EA4583C2F06CDEBEA4AE70FA4
SHA1:	DCEB26C7F02D53B5F214305F4C75B4A33A79CDC2
SHA-256:	03AA1944CB3C4F39E20B6361571BC45DFBEBD3FFDA3D8F148CC6ECB29958F903
SHA-512:	B5945E67D9F73DD1982D687E5C6D9B5D6B3886C8050363A259755C76AC0F93651F3425FA7C21AA6A13977AC1C8C9322F998F131648CB8909096058D4F0D23312
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["DOZdV3jFvk12AM2JNDYKo3KZrIVRprmJ+sVGWkqqE4Q=","rVElW3Hu3T52SzDDUqGT5YiJTBGUv2h3pNuBKFlhZ1U=","X/3fg4KZxgQ1jBr5QGq0F5JnflgE27UErd88mrxTcxs=","VibLbpy0ig+5INMOU71fTYN76iaka2XVpmm1qAKYsX8=","EChCwCbQHbHQ7oDdGT2qNyiRJ0yck2YC2emNGq4whtE="],"block_size":4096,"path":"_locales/iw/messages.json"},{"block_hashes":["xklkoZ7iSU1+7cd6DAtEmUC5lPFd+EgcbnzxkOiFwlk=","3KbsvoxKY/3AwqgF2aAdVQRpMhsNVRkQ3rx2A6Z2Z+Y=","o9+tsohquaCMj+70zeinRG/hBhA2uLoDl/WoC1uokME=","xV/K8xucyWJELVT8Cqn+ugFjobBVmg8pnmACF+2PP4Y=","p/mvJm2wuCl32Rx3it654MljKAsMe3S9IDEabc1A8mE=","j8mPrTb5oOsBTj2Fer78JE6xG6+kR64Cvu2SW8d3j/k=","nqSRpGQ3USU2bZJsZ+AzBmFOyann8omwJrhEWFZDTXc=","eTcQyJUuNuF9yCga/fXGyFCj/pysSceanhBzksdx23s=","Wj7faqnspelXKMvnduxHn1XUBG8TEOqyns7/oUihekM=","VtBwXoadI3EP336rAiL33Gz19KGqtN+RYdKnMKAXoLw=","iDgLXQqXJp8nCZxgLuC9LXM45DGfufvGnXvmHsn18wc=","g+RfdDfrWTUK0Pkcsbot7NJ4SC9wVRV/dVVMuHAtEj8=","2oC4HcCuXu3VjFf6wnKlznt9uqQNaebcuWpm/mWj69U=","aMUIpuFqPMiieSaWhIktCK62v2P3OZQAWupWsYzCnvk=","L

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	3:FQxlX:qT
MD5:	0407B455F23E3655661BA46A574CFCA4
SHA1:	855CB7CC8EAC30458B4207614D046CB09EE3A591
SHA-256:	AB5C71347D95F319781DF230012713C7819AC0D69373E8C9A7302CAE3F9A04B7
SHA-512:	3020F7C87DC5201589FA43E03B1591ED8BEB64523B37EB3736557F3AB7D654980FB42284115A69D91DE44204CEFAB751B60466C0EF677608467DE43D41BFB939
Malicious:	false
Preview:	.f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	378
Entropy (8bit):	5.214582700931436
Encrypted:	false
SSDEEP:	6:mhoOVq2PN723iKKdK25+Xqx8chI+IFUtpicgZmwPiGuIkwON723iKKdK25+Xqx8E:kVvVa5KkTXfchI3FUtp5g/P5uI5Oa5KN
MD5:	5C1CDFA4E77B7D8EE53D7DC5C343FE11
SHA1:	0D7162E455EB60833167476FC602B160F19C390B
SHA-256:	67BF6A8FAA7CF3016BDA949DB853ACD3D40E036D603834FF06CA258B45183338
SHA-512:	78292B661649AAC0CCE2AA94C53B11A257EAD82A5D44DF105FCE3BE9D08CC847117BBC6051657948178BC7A5A6FFFF8A0EC979394D9912DB1F872C46688C7F89
Malicious:	false
Preview:	2021/08/03-22:11:39.721 1bd0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2021/08/03-22:11:39.724 1bd0 Recovering log #3.2021/08/03-22:11:39.725 1bd0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	378
Entropy (8bit):	5.214582700931436
Encrypted:	false
SSDEEP:	6:mhoOVq2PN723iKKdK25+Xqx8chI+IFUtpicgZmwPiGuIkwON723iKKdK25+Xqx8E:kVvVa5KkTXfchI3FUtp5g/P5uI5Oa5KN
MD5:	5C1CDFA4E77B7D8EE53D7DC5C343FE11
SHA1:	0D7162E455EB60833167476FC602B160F19C390B
SHA-256:	67BF6A8FAA7CF3016BDA949DB853ACD3D40E036D603834FF06CA258B45183338
SHA-512:	78292B661649AAC0CCE2AA94C53B11A257EAD82A5D44DF105FCE3BE9D08CC847117BBC6051657948178BC7A5A6FFFF8A0EC979394D9912DB1F872C46688C7F89
Malicious:	false
Preview:	2021/08/03-22:11:39.721 1bd0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2021/08/03-22:11:39.724 1bd0 Recovering log #3.2021/08/03-22:11:39.725 1bd0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	364
Entropy (8bit):	5.183540187692892
Encrypted:	false
SSDEEP:	6:mhbVq2PN723iKKdK25+XuoIFUtpiuVSgZmwPi7YIkwON723iKKdK25+XuxWLJ:uVvVa5KkTXYFUtpVSg/PhI5Oa5KkTXHJ
MD5:	F4C1A72DC549F7B00EDD61871B24EFF6
SHA1:	069CF52823BB150DAE547DC556427A26C0955347
SHA-256:	FDAEBD9494A25FDE2E48AC9637B77F9F6EE30EEC20F7F8B108082BBC4DC3FBFE
SHA-512:	8A605D2EB1FB589F25152042A0B1CA27C63E8C32C41E3A956A306911E396FB9EBF00F96CA79F68CA68FB5954CC146DD40238BCE42C77381062A9565BCF320BA8
Malicious:	false
Preview:	2021/08/03-22:11:39.712 1bd0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/MANIFEST-000001.2021/08/03-22:11:39.714 1bd0 Recovering log #3.2021/08/03-22:11:39.715 1bd0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	364
Entropy (8bit):	5.183540187692892
Encrypted:	false
SSDEEP:	6:mhbVq2PN723iKKdK25+XuoIFUtpiuVSgZmwPi7YIkwON723iKKdK25+XuxWLJ:uVvVa5KkTXYFUtpVSg/PhI5Oa5KkTXHJ
MD5:	F4C1A72DC549F7B00EDD61871B24EFF6
SHA1:	069CF52823BB150DAE547DC556427A26C0955347
SHA-256:	FDAEBD9494A25FDE2E48AC9637B77F9F6EE30EEC20F7F8B108082BBC4DC3FBFE
SHA-512:	8A605D2EB1FB589F25152042A0B1CA27C63E8C32C41E3A956A306911E396FB9EBF00F96CA79F68CA68FB5954CC146DD40238BCE42C77381062A9565BCF320BA8
Malicious:	false
Preview:	2021/08/03-22:11:39.712 1bd0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/MANIFEST-000001.2021/08/03-22:11:39.714 1bd0 Recovering log #3.2021/08/03-22:11:39.715 1bd0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.233147869979908
Encrypted:	false
SSDEEP:	6:mh3YVq2PN723iKKdKWT5g1IdqIFUtpiKgZmwPizIkwON723iKKdKWT5g1I3ULJ:uYVvVa5Kkg5gSRFUtpfg/PGI5Oa5Kkgk
MD5:	F351FFF3A20E643E2219C2E035A3632F
SHA1:	263E6535A47B63F97D51D14B86DEA74108678E63
SHA-256:	6544C60983ECD4BDFD95A21BD3F79DDF054C521287B1818FA2806C00F8D3E449
SHA-512:	858075F40FB92FF49C87BC9248C7FFECD67CA292FE32B6E4B329CA52701F126B1D776C0A109566CB9CCFA7493AFAAD03531EDCA6062FD4F42285DC5644F6BDEB
Malicious:	false
Preview:	2021/08/03-22:11:39.694 1bd0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/08/03-22:11:39.696 1bd0 Recovering log #3.2021/08/03-22:11:39.697 1bd0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.oldl (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.233147869979908
Encrypted:	false
SSDEEP:	6:mh3YVq2PN723iKKdKWT5g1IdqIFUtpiKgZmwPizIkwON723iKKdKWT5g1I3ULJ:uYVvVa5Kkg5gSRFUtpfg/PGI5Oa5Kkgk
MD5:	F351FFF3A20E643E2219C2E035A3632F
SHA1:	263E6535A47B63F97D51D14B86DEA74108678E63
SHA-256:	6544C60983ECD4BDFD95A21BD3F79DDF054C521287B1818FA2806C00F8D3E449
SHA-512:	858075F40FB92FF49C87BC9248C7FFECD67CA292FE32B6E4B329CA52701F126B1D776C0A109566CB9CCFA7493AFAAD03531EDCA6062FD4F42285DC5644F6BDEB
Malicious:	false
Preview:	2021/08/03-22:11:39.694 1bd0 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/08/03-22:11:39.696 1bd0 Recovering log #3.2021/08/03-22:11:39.697 1bd0 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.1339772063781381
Encrypted:	false
SSDEEP:	12:TL+A/g83BvoWNHPcNuQ7CGI/6NCBvoWNHw:TLxg83toWNvIuYFotoWNQ
MD5:	4926C3C08F0992A2885FAB82FB41E0F7
SHA1:	203AFA7A6B083D5FE8C75C3B8E9CC9464FE49194
SHA-256:	738640CD34724DEF0511DD48651E475D975108355E0CEE3B9FBC1855AFE29F93
SHA-512:	9CEF19942F207DBA5195DF82D83BD7E99A0B38FB5A584676CE541F3907C9693A238ADEE35F91ABD069D190C36B7AB993F9C0FF01B6E1F280C7487CC300F66DC7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	749
Entropy (8bit):	5.299501176030759
Encrypted:	false
SSDEEP:	12:Plmccy3JpglT2Niv62xxkzMSjnzmWYp0m9C1+puHaIoV3AasAcKBk778B/xgskZU:PlL93g8Nx+kzNDlGBsw9I23HVcIY78Bv
MD5:	9C8E2D2E7514062015EF4029368F6859
SHA1:	37E1720DC30252A9D45F59E724328FC17E9F78C2
SHA-256:	99A2ABD8D95FFC9C9D62FDFDE96F0648BE84EEA1295A50A82E4B13B0C916787E
SHA-512:	DD86E608DDE64210688FCD612F72A95C324CB6A74256EB4E73D5312FCC67E478A81A6AB4206062E5FC978E11473F689487B9E11A88E1720E9BB0CFF6F7932B38
Malicious:	false
Preview:	............"Z....001005l..c..desktop..user..file..for..hsbc..htm..outstanding..payment..slip..users........001005l......c......desktop......user......file......for......hsbc......htm......outstanding......payment......slip......users..2.........0........1........5........a.........b........c.........d.........e............f.........g.........h.........i...........k........l..........m.........n..........o..........p..........r..........s............t...........u.........y...:n..............................................................................................................B{...w...... .......Sfile:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm2.:...............J.............."'/48DL

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	42076
Entropy (8bit):	0.11701093654223581
Encrypted:	false
SSDEEP:	12:hSzvqLBj/R2cM3lR4nMWQfy9LCBQZ8fO1DO:6qLBRY3AtNCTfuS
MD5:	DB320BA4B55946F30DBFAA676721B942
SHA1:	C64C6E4B0E57E01B673078C1E47BF5AB86903422
SHA-256:	FA3C1E2FF5466370F52F85F8F5E392AEAFFCAA7FBA6E75CB37A2A4218203A25C
SHA-512:	CE2E9F282C22623D033866B37451754B6AF2C0C87B6F1EEE21B7367F194865261D9354898BBFCC2AC8F1E9DAA0BFC8229B9958ED5EFFE9136793B7790E1B439D
Malicious:	false
Preview:	............>KbP........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Session. (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	1449
Entropy (8bit):	3.557234664480235
Encrypted:	false
SSDEEP:	24:34S6fRxlrlo6+UtoWNNu/+qiqZUtoWNGtlLlLlLlrlLlLlLlrlLlLlL:34NfJxo6+OQ/+qOGXRRRxRRRxRRL
MD5:	D960FEB16A5AA3FF949DE8FB94F2D0E9
SHA1:	5E1B3FE411A26CB7B7610EA9246A2A7583E3E510
SHA-256:	F56116C0893F28D066AC29C93C9B5DBCB67F2C8FCEEE5AB2A0713F9702233961
SHA-512:	119E6ADE2F7EE4227BF142A3DF8355E79208DEB615CB2EFB83B2A8A4CA20EFC4705B66F330AF2CE1D7E2860AD6B8BA2CA8616A8CE7899765E64728F8609E6B95
Malicious:	false
Preview:	SNSS....................................................!.............................................1..,.......$...e470974b_276b_47c3_b204_20161ce8a39c.......................@.v................................................................................5..0.......&...{68ADBCFB-ED3C-4AA1-B80C-ADD502B6FA85}............................S...file:///C:/Users/user/Desktop/HSBC_Payment_slip_for%20Outstanding%20001005l.htm.....................................................h.......`........................................................S.....S....P.......h...................................S...f.i.l.e.:./././.C.:./.U.s.e.r.s./.e.n.g.i.n.e.e.r./.D.e.s.k.t.o.p./.H.S.B.C._.P.a.y.m.e.n.t._.s.l.i.p._.f.o.r.%.2.0.O.u.t.s.t.a.n.d.i.n.g.%.2.0.0.0.1.0.0.5.l...h.t.m...................................8.......0.......8....................................................................... .......................................................S...file:///C:/Users/user/Desktop/HSBC_Payme

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Tabs (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	1.8112781244591325
Encrypted:	false
SSDEEP:	3:3Dtn:3h
MD5:	0686D6159557E1162D04C44240103333
SHA1:	053E9DB58E20A67D1E158E407094359BF61D0639
SHA-256:	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
SHA-512:	884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
Malicious:	false
Preview:	SNSS....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	2955
Entropy (8bit):	5.467362523182322
Encrypted:	false
SSDEEP:	48:UxEnkwGpNsa7NsMBD8dbZWVeLbQSefgG6YNrS0U9RdiN9L:UaLa7aMKdbEVeLbQ5fgGvrS0d
MD5:	DC9FECB8300D6BD0646DB7FC2F4B94A3
SHA1:	C104E1F8A2BEF18FED6A764569397D86F955648C
SHA-256:	B652AB9B8711797988A472DBCA75986219A1DEE3869F696FCA45A91ED957AD76
SHA-512:	B6CEEC78EB1717376B6F13128C0F7D153C01FFBF0C646145E246EB8BFE4D08AD42B4BBB5CAA02434DDC6E210EF31584D58EBFBD12C3E36F0D9477B7C85AE1EDC
Malicious:	false
Preview:	.\TL...*............8META:chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..............Y_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.HangoutSinkDiscoveryService;.{"cache":{"sinks":{},"g":{},"h":null},"manualHangouts":{}}.a_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.IdGenerator.cast.RequestIdGenerator..582882000.H_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.LogManager...["[2021-08-03 22:11:41.16][INFO][mr.Init] MR instance ID: ac8f3887-45d1-4b00-afe8-49980f30ac40\n","[2021-08-03 22:11:41.16][INFO][mr.Init] Native Cast MRP is disabled.\n","[2021-08-03 22:11:41.16][INFO][mr.Init] Native Mirroring Service is enabled.\n","[2021-08-03 22:11:41.17][INFO][mr.PersistentDataManager] removeTemporary_: 163 chars used\n","[2021-08-03 22:11:41.17][INFO][mr.PersistentDataManager] initialize: 163 chars used, 67 other chars\n","[2021-08-03 22:11:41.17][INFO][mr.CastProvider] Query enabled: true\n","[2021-08-03 22:11:41.17][INFO][mr.CloudProvider]

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.127540577941958
Encrypted:	false
SSDEEP:	6:mJ0d3+q2PN723iKKdK8a2jMGIFUtpYUZZmwPYvitVkwON723iKKdK8a2jMmLJ:zdOvVa5Kk8EFUtpLZ/P8iT5Oa5Kk8bJ
MD5:	C7E74CFE4A18C5D382FB0314EDFB90FF
SHA1:	BFFD06EBBAC4A9EEEA7360BE330CD1B544B8A412
SHA-256:	7FD521EFD98DB931FA980E2F6C145934D9E2C44D83E1985CB0361D08167191F1
SHA-512:	30ED73572893600A505ADA97D63F2BEE04F7F8800214470D64FE03C53DF033774D96F0AAAB9B1BFE8A50FCDE0A74925C09C302709AC0C861263DBCF0A9B6B603
Malicious:	false
Preview:	2021/08/03-22:11:21.315 748 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2021/08/03-22:11:21.320 748 Recovering log #3.2021/08/03-22:11:21.331 748 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.oldTM (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.127540577941958
Encrypted:	false
SSDEEP:	6:mJ0d3+q2PN723iKKdK8a2jMGIFUtpYUZZmwPYvitVkwON723iKKdK8a2jMmLJ:zdOvVa5Kk8EFUtpLZ/P8iT5Oa5Kk8bJ
MD5:	C7E74CFE4A18C5D382FB0314EDFB90FF
SHA1:	BFFD06EBBAC4A9EEEA7360BE330CD1B544B8A412
SHA-256:	7FD521EFD98DB931FA980E2F6C145934D9E2C44D83E1985CB0361D08167191F1
SHA-512:	30ED73572893600A505ADA97D63F2BEE04F7F8800214470D64FE03C53DF033774D96F0AAAB9B1BFE8A50FCDE0A74925C09C302709AC0C861263DBCF0A9B6B603
Malicious:	false
Preview:	2021/08/03-22:11:21.315 748 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2021/08/03-22:11:21.320 748 Recovering log #3.2021/08/03-22:11:21.331 748 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2374
Entropy (8bit):	4.888884611800615
Encrypted:	false
SSDEEP:	48:YALteBdpNntwTCXDHzMXOcslTsiRLsNKSPsIyKsD3zsAMHSYhbG:2lNnOTCXDHzMXOJzdA2dG3hS
MD5:	33CFEA017929762D131E375562EF5D08
SHA1:	C096F7AA4D6EA4FB82682E8064B71F1486E059A2
SHA-256:	A77715CFC14053A3FF2F562174AFC687D9B285D2FD1AC2AFCC571DE38FE8C53A
SHA-512:	5D9E2EFA48776A400D60C82B6C0E96A911427594AA0D5804689970F1697AEC27D81193182EA61EED314B0C04844A7633C966B531A6038CE4A3607986CA10FA50
Malicious:	false
Preview:	{"net":{"http_server_properties":{"broken_alternative_services":[{"broken_count":1,"host":"www.google.com","isolation":[],"port":443,"protocol_str":"quic"},{"broken_count":1,"host":"accounts.google.com","isolation":[],"port":443,"protocol_str":"quic"}],"servers":[{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"isolation":[],"server":"https://logincdn.msauth.net","supports_spdy":true},{"isolation":[],"server":"https://aadcdn.msftauth.net","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"1327511948

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent StateTM (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2825
Entropy (8bit):	4.86435102445835
Encrypted:	false
SSDEEP:	48:YALtdpBeMsNMHK5sJDysACs37sHWsd5/sSYMHCKs/MHCzsSOMHwsSJtFsX3RLs9D:HQxGKWDS1i/5vYGmGqOGKJ03QshS
MD5:	95488A82D5073BDAAFC1480073FF801F
SHA1:	E2E979B6D4A3EE16A815115C414D0A98E1DFA93F
SHA-256:	C091AE68AFCD5EC632B2C324B983D70F722463CB4D05A3CE8D52E07AA7E5A5D6
SHA-512:	D536466352320C5D394130A59B605617580050CDF325C4B3392D87D384C246E9D8C54FC16A247FF4B379F162536304E0D312D7781FFE245C643C5081B8BE08CD
Malicious:	false
Preview:	{"net":{"http_server_properties":{"broken_alternative_services":[{"broken_count":1,"host":"accounts.google.com","isolation":[],"port":443,"protocol_str":"quic"},{"broken_count":1,"host":"www.google.com","isolation":[],"port":443,"protocol_str":"quic"}],"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248544952675493","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":32613},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248544952813644","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248544952748754","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248544952634896","port":443,"protocol_str":"quic"}],"isolation":[],"server"

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.161462586283477
Encrypted:	false
SSDEEP:	6:mJ8q2PN723iKKdKgXz4rRIFUtpYVFZZmwPYwFkwON723iKKdKgXz4q8LJ:5vVa5KkgXiuFUtp8Z/PX5Oa5KkgX2J
MD5:	C7E819DE8221845182663A2E06367D26
SHA1:	D064EC4A2BF0C81584282A0FFD6F723D4092EEA0
SHA-256:	D9AB14E0E7DB5F8CE96D8B1A0ED270CF632BD987EC038010C0601272DD9581A3
SHA-512:	B4793A628F36DA0E78362229FF90561C36CFE4105CFC954D167560BD280C54777231CFF8FB65F57956D0DDA2588134FF98017D3FD44A2ABDC75D1723A6E50FB8
Malicious:	false
Preview:	2021/08/03-22:11:21.792 c60 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/MANIFEST-000001.2021/08/03-22:11:21.796 c60 Recovering log #3.2021/08/03-22:11:21.797 c60 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	337
Entropy (8bit):	5.161462586283477
Encrypted:	false
SSDEEP:	6:mJ8q2PN723iKKdKgXz4rRIFUtpYVFZZmwPYwFkwON723iKKdKgXz4q8LJ:5vVa5KkgXiuFUtp8Z/PX5Oa5KkgX2J
MD5:	C7E819DE8221845182663A2E06367D26
SHA1:	D064EC4A2BF0C81584282A0FFD6F723D4092EEA0
SHA-256:	D9AB14E0E7DB5F8CE96D8B1A0ED270CF632BD987EC038010C0601272DD9581A3
SHA-512:	B4793A628F36DA0E78362229FF90561C36CFE4105CFC954D167560BD280C54777231CFF8FB65F57956D0DDA2588134FF98017D3FD44A2ABDC75D1723A6E50FB8
Malicious:	false
Preview:	2021/08/03-22:11:21.792 c60 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/MANIFEST-000001.2021/08/03-22:11:21.796 c60 Recovering log #3.2021/08/03-22:11:21.797 c60 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5522
Entropy (8bit):	5.178506809926403
Encrypted:	false
SSDEEP:	96:nj4XbGTV9KTGSOLaAKIHP8xk0JCKL8r+bOTQVuwn:nj4Xbe9KpOL9hs4Kss
MD5:	41257B690C225E26C1D66A5C9863EFA7
SHA1:	4067BB912203E515C9DD8FF5169D6F6D02198BD0
SHA-256:	8A7BE79119FBE192BE92CAE96AB7BF7EA8C823CFF58476FC5A195E017E015D97
SHA-512:	71AEE8B338DEE6C81081B3E3AA5A65485D546588573649F6130BCD3F62018BAEE7B4A89D513480DD18DB8B52769DFB080FCB394BE317355E5A5202E98A6885F6
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272527481481332","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245952891998324","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245952963463509","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1501624"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences. (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5522
Entropy (8bit):	5.178506809926403
Encrypted:	false
SSDEEP:	96:nj4XbGTV9KTGSOLaAKIHP8xk0JCKL8r+bOTQVuwn:nj4Xbe9KpOL9hs4Kss
MD5:	41257B690C225E26C1D66A5C9863EFA7
SHA1:	4067BB912203E515C9DD8FF5169D6F6D02198BD0
SHA-256:	8A7BE79119FBE192BE92CAE96AB7BF7EA8C823CFF58476FC5A195E017E015D97
SHA-512:	71AEE8B338DEE6C81081B3E3AA5A65485D546588573649F6130BCD3F62018BAEE7B4A89D513480DD18DB8B52769DFB080FCB394BE317355E5A5202E98A6885F6
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272527481481332","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245952891998324","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245952963463509","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1501624"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences8 (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5522
Entropy (8bit):	5.178506809926403
Encrypted:	false
SSDEEP:	96:nj4XbGTV9KTGSOLaAKIHP8xk0JCKL8r+bOTQVuwn:nj4Xbe9KpOL9hs4Kss
MD5:	41257B690C225E26C1D66A5C9863EFA7
SHA1:	4067BB912203E515C9DD8FF5169D6F6D02198BD0
SHA-256:	8A7BE79119FBE192BE92CAE96AB7BF7EA8C823CFF58476FC5A195E017E015D97
SHA-512:	71AEE8B338DEE6C81081B3E3AA5A65485D546588573649F6130BCD3F62018BAEE7B4A89D513480DD18DB8B52769DFB080FCB394BE317355E5A5202E98A6885F6
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272527481481332","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245952891998324","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245952963463509","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1501624"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferencesd\ (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5496
Entropy (8bit):	5.175595425494836
Encrypted:	false
SSDEEP:	96:nj4XbGqV9KTGSOLaAKIHP8xk0JCKL8robOTQVuwn:nj4XbF9KpOL9hs4Ksa
MD5:	C41593D95383AF2A8CCE0F4E28B3F218
SHA1:	B088B5D947C41C4D14EBFFBB2F31D0A7608824EC
SHA-256:	5A4CB5CEFA26B2BCE83D56A1712F45FB5C56CE92C9A6D7E58ECE75378EBAB786
SHA-512:	C427A3AC4EFA2CF05294ADD635BEAC3A4650D18F42F9F006669C755A29E93CF03DFD90D1CB2F8F43CD2BB0450AD4108EB20B27F51263F9EA7C5E725965F241FE
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272527481481332","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245952891998324","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245952963463509","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1501624"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferencesn (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5522
Entropy (8bit):	5.178506809926403
Encrypted:	false
SSDEEP:	96:nj4XbGTV9KTGSOLaAKIHP8xk0JCKL8r+bOTQVuwn:nj4Xbe9KpOL9hs4Kss
MD5:	41257B690C225E26C1D66A5C9863EFA7
SHA1:	4067BB912203E515C9DD8FF5169D6F6D02198BD0
SHA-256:	8A7BE79119FBE192BE92CAE96AB7BF7EA8C823CFF58476FC5A195E017E015D97
SHA-512:	71AEE8B338DEE6C81081B3E3AA5A65485D546588573649F6130BCD3F62018BAEE7B4A89D513480DD18DB8B52769DFB080FCB394BE317355E5A5202E98A6885F6
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272527481481332","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245952891998324","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245952963463509","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1501624"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferencest (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5522
Entropy (8bit):	5.178506809926403
Encrypted:	false
SSDEEP:	96:nj4XbGTV9KTGSOLaAKIHP8xk0JCKL8r+bOTQVuwn:nj4Xbe9KpOL9hs4Kss
MD5:	41257B690C225E26C1D66A5C9863EFA7
SHA1:	4067BB912203E515C9DD8FF5169D6F6D02198BD0
SHA-256:	8A7BE79119FBE192BE92CAE96AB7BF7EA8C823CFF58476FC5A195E017E015D97
SHA-512:	71AEE8B338DEE6C81081B3E3AA5A65485D546588573649F6130BCD3F62018BAEE7B4A89D513480DD18DB8B52769DFB080FCB394BE317355E5A5202E98A6885F6
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272527481481332","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245952891998324","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245952963463509","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1501624"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	1.0030008512670447
Encrypted:	false
SSDEEP:	48:TUIopK2rJNVr1GJmm8pF82phrJNVrdHX/cjrJN2yJ1n4n1GmhGURTG3:wIElwQF8mpcSdy3
MD5:	41FDE06D7C69E1479DE0603B40CAF154
SHA1:	0294F423A398506330104C380AD8AA0D83F51E0A
SHA-256:	D0A0E0DF67B1F8F5CE8666FA576639FAD2511B5237CFEF5C3D98516A2FB0BA99
SHA-512:	40AF18B552499FA5B15EB34857771938E4886A9E143B3DD3D38907CC3A6476C55E31850FBF628E42C4734DC8D8571CB1183896EFC9B60D65C2F7FA60635C8AC6
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C..........g...^.........j............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	21044
Entropy (8bit):	0.8261993855104639
Encrypted:	false
SSDEEP:	48:OIqkIopK2rJNVr1GJmm8pF82phrJNVrdHX/cjrJN2yJ1n4n1GmhGUN6:OIhIElwQF8mpcSU
MD5:	10472BE8F08EB03FA3AD7558D24B7D45
SHA1:	B68A3A71FB1BBDF5CD24D46223BCEB2C25E99614
SHA-256:	D4781F955F5CAAAAE8E2FB1FB4AE84FA9DC4A24D98AA61FAF46E06A54A5AA927
SHA-512:	B8347B3E95ADE3A987BA284C4709E40889F19E9F21B3FF4FA596DF15BDBF64BE7E2726C49D333BA894798EDE0A9C77E2F7E770ED9B8301196FFFBD43364CAFBA
Malicious:	false
Preview:	.............@D.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.. (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22595
Entropy (8bit):	5.536291180951369
Encrypted:	false
SSDEEP:	384:nLAtYLl1+Xc1kXqKf/pUZNCgVLH2HfDYrU2HGunTc1jeE/4LX:FLlqc1kXqKf/pUZNCgVLH2HfMrUWGunp
MD5:	423EA499606FD56E479401BB98E20D29
SHA1:	948680898BF179E5970B867F5054B9D9AEB65084
SHA-256:	50E2A1C2C55EBABC21E3218DF690A73E03BE6301AA47372A836AEA3A41345114
SHA-512:	52A8A53B9DA5EFE9A9E5F78B6DE8DCE54F1DB847A22B767D1117C8D4B097AA9095B5915E35251949212D4F4A7D3B7019D7B4FC7E1C926E35570E6C77069396A7
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13272527481250780","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesTM (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22596
Entropy (8bit):	5.536321923352899
Encrypted:	false
SSDEEP:	384:nLAtYLl1+Xc1kXqKf/pUZNCgVLH2HfDYrU2HGtnTc1jIE/4LY:FLlqc1kXqKf/pUZNCgVLH2HfMrUWGtng
MD5:	C3DCB302EF7DDB8969844ECD6CCC452F
SHA1:	A049F764A0E716322C6AE9B9CF4BAE2BF686A3DD
SHA-256:	52C2986438CACC37A3BFB1155887FD432882F9A961D00462ABA61AFD0C0EC4D1
SHA-512:	F54CAAC4156DAEECB406C311896072BCF9E0CD17107271C816CE437F70E88ED2A6CC7BC667AE0ADD98F870321587B61E6E2BA6175E72A914E1FA7C83B65C2C4C
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13272527481250780","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferencesgh (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	16745
Entropy (8bit):	5.577685019903162
Encrypted:	false
SSDEEP:	384:nLAtpLl1+Xc1kXqKf/pUZNCgVLH2HfDYrUe1jQE/42:uLlqc1kXqKf/pUZNCgVLH2HfMrUeFQE9
MD5:	0B81E99FDFA02DFF1EAC1F1A617C59A8
SHA1:	3BEB3138A5FC5FDAA50C801EF5C8322885B872B6
SHA-256:	CB062907F689AD7C78077021BF65B18BD9FD90423EFE366C1CBFE6535C7036B9
SHA-512:	B564B211DF5751814408EF6F0A6E8D52A8E4DB642E49D5D3E0AC84EC99594EA1FB14728EC267B73DAB84B8B301D5797ABC7FF4579F7430EA51B6E1E69D1E97CA
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13272527481250780","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	114
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5ljljljljljl:5ljljljljljl
MD5:	1B4FA89099996CE3C9E5A0A9768230E8
SHA1:	9026E1E0906E3B3FE0E414EE814CC5A042807A04
SHA-256:	537818AAFD0902A8B2D58B483674391E33E762B5E1E8CD226D873098CCE9C8F9
SHA-512:	4279C9380ACC5AB329EC6BCDA10CCF0A7437CEF63845B63E741CE517042CFE83340D2D362DD6B9E039BF55E61F484CCF72B8FD8477D1D0292E0B879CB949461B
Malicious:	false
Preview:	..&f.................&f.................&f.................&f.................&f.................&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.098869894765389
Encrypted:	false
SSDEEP:	6:mJiDq2PN723iKKdKrQMxIFUtpYicEV9ZmwPYikPkwON723iKKdKrQMFLJ:rDvVa5KkCFUtp7c89/P7kP5Oa5KktJ
MD5:	4823A7A8E300D7E604D0DD5427E40687
SHA1:	1C1E0BBBA93FB7A7E532FD64A0BD5E1D77EB3DEB
SHA-256:	FE7E8D5121CF3C21EBA8712B9C048A0AB65719DC90A6F3AFFE3C12AB2C5B9997
SHA-512:	FA3F68AE4FE61A6E5D521984B01726C24890DDBB69EC6009A10635784BC737D2A21ED1196036D85EFA44BF97B627312CFDCCE954DA6A921123E518655B287B2E
Malicious:	false
Preview:	2021/08/03-22:11:21.435 1804 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2021/08/03-22:11:21.436 1804 Recovering log #3.2021/08/03-22:11:21.437 1804 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.098869894765389
Encrypted:	false
SSDEEP:	6:mJiDq2PN723iKKdKrQMxIFUtpYicEV9ZmwPYikPkwON723iKKdKrQMFLJ:rDvVa5KkCFUtp7c89/P7kP5Oa5KktJ
MD5:	4823A7A8E300D7E604D0DD5427E40687
SHA1:	1C1E0BBBA93FB7A7E532FD64A0BD5E1D77EB3DEB
SHA-256:	FE7E8D5121CF3C21EBA8712B9C048A0AB65719DC90A6F3AFFE3C12AB2C5B9997
SHA-512:	FA3F68AE4FE61A6E5D521984B01726C24890DDBB69EC6009A10635784BC737D2A21ED1196036D85EFA44BF97B627312CFDCCE954DA6A921123E518655B287B2E
Malicious:	false
Preview:	2021/08/03-22:11:21.435 1804 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2021/08/03-22:11:21.436 1804 Recovering log #3.2021/08/03-22:11:21.437 1804 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	351
Entropy (8bit):	5.1404992255052235
Encrypted:	false
SSDEEP:	6:mJkq3+q2PN723iKKdK7Uh2ghZIFUtpYkTViHZZmwPYkTWo7VkwON723iKKdK7Uh9:VvVa5KkIhHh2FUtpju/PHh5Oa5KkIhHd
MD5:	CE668826110BA9155C0FA7AE144527A5
SHA1:	8B4CE886B1592DA99E4DD33D0B284B650FF156B3
SHA-256:	23EF2A27A85748EA1EA5142DF04261590927E74F2485E9C25B763C00E8FA9925
SHA-512:	65B2719E87AC3ABA6EBB707D12CF023800EE91D1C3C626E35D7F9C33E16D73AB76FD27349E1ED6FDA02B1A51F5937B5FB6A91337156F8D302EC6E80851ABB0DD
Malicious:	false
Preview:	2021/08/03-22:11:21.259 748 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001.2021/08/03-22:11:21.262 748 Recovering log #3.2021/08/03-22:11:21.263 748 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	351
Entropy (8bit):	5.1404992255052235
Encrypted:	false
SSDEEP:	6:mJkq3+q2PN723iKKdK7Uh2ghZIFUtpYkTViHZZmwPYkTWo7VkwON723iKKdK7Uh9:VvVa5KkIhHh2FUtpju/PHh5Oa5KkIhHd
MD5:	CE668826110BA9155C0FA7AE144527A5
SHA1:	8B4CE886B1592DA99E4DD33D0B284B650FF156B3
SHA-256:	23EF2A27A85748EA1EA5142DF04261590927E74F2485E9C25B763C00E8FA9925
SHA-512:	65B2719E87AC3ABA6EBB707D12CF023800EE91D1C3C626E35D7F9C33E16D73AB76FD27349E1ED6FDA02B1A51F5937B5FB6A91337156F8D302EC6E80851ABB0DD
Malicious:	false
Preview:	2021/08/03-22:11:21.259 748 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001.2021/08/03-22:11:21.262 748 Recovering log #3.2021/08/03-22:11:21.263 748 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\8b82acec-f064-4432-9f97-dd5df07ab2d2.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	325
Entropy (8bit):	4.95629898779197
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV5kjxZsDHF4R8HLJ2AVQBR70S7PMVKJw1K3KnMRK3VY:YHO8sdSZsBdLJlyH7E4f3K33y
MD5:	D5BB2F0F1694209F0C6AE5BA44DAC338
SHA1:	41B2CDE10C8937FC9607E608AF65EDF709033350
SHA-256:	20FC2ED4DA8AC625B83B6B84C1B88B534BC35B18DC8BD7521C66FFDABAB53738
SHA-512:	A713918E0F88AE62AFAC2A6202107CF547B962900BCB779C7C5C2C8A228C140AAC5191A50BDAF5718EAAE91446DB21648CF2A7B967B9029AF16F13E923FD6EE2
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248544897343531","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.19535324365485862
Encrypted:	false
SSDEEP:	3:8E:8
MD5:	C4DF0FB10C4332150B2C336396CE1B66
SHA1:	780A76E101DE3DE2E68D23E64AB1A44D47A73207
SHA-256:	18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6
SHA-512:	51F0B463E97063A2357285D684FF159FDF6099E57C46F13C83E9D3F09D7A7CF03C1BA684BCCF36232FC50834F95953C3C68675C7B05AB4F84DEF1C566A5F3F5E
Malicious:	false
Preview:	.'..(...................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	433
Entropy (8bit):	5.244327548081346
Encrypted:	false
SSDEEP:	6:mJiI3+q2PN723iKKdKusNpV/2jMGIFUtpYieZmwPYiaVkwON723iKKdKusNpV/23:rZvVa5KkFFUtp7e/P7S5Oa5KkOJ
MD5:	A045B4FF05CB841CC25BCB6AD0712EF8
SHA1:	EAD7EECE97F5BA558071594DCEE86D77D4816F92
SHA-256:	722E4E7B1ED1961B1D7FF8DA5D4B0E4A161CC698328B0170A7481599A517A8F7
SHA-512:	EF1EE79375BDE4EBA10DEBB25AAD61576F307B2D621639901ADE623F9A820BB7132F14B982ED7A553425F3D165E4ECAF0FE6822E212196BDE85558EBF88E2D7F
Malicious:	false
Preview:	2021/08/03-22:11:21.497 748 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/MANIFEST-000001.2021/08/03-22:11:21.499 748 Recovering log #3.2021/08/03-22:11:21.499 748 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG.old.. (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	433
Entropy (8bit):	5.244327548081346
Encrypted:	false
SSDEEP:	6:mJiI3+q2PN723iKKdKusNpV/2jMGIFUtpYieZmwPYiaVkwON723iKKdKusNpV/23:rZvVa5KkFFUtp7e/P7S5Oa5KkOJ
MD5:	A045B4FF05CB841CC25BCB6AD0712EF8
SHA1:	EAD7EECE97F5BA558071594DCEE86D77D4816F92
SHA-256:	722E4E7B1ED1961B1D7FF8DA5D4B0E4A161CC698328B0170A7481599A517A8F7
SHA-512:	EF1EE79375BDE4EBA10DEBB25AAD61576F307B2D621639901ADE623F9A820BB7132F14B982ED7A553425F3D165E4ECAF0FE6822E212196BDE85558EBF88E2D7F
Malicious:	false
Preview:	2021/08/03-22:11:21.497 748 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/MANIFEST-000001.2021/08/03-22:11:21.499 748 Recovering log #3.2021/08/03-22:11:21.499 748 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	325
Entropy (8bit):	4.95629898779197
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV5kjxZsDHF4R8HLJ2AVQBR70S7PMVKJw1K3KnMRK3VY:YHO8sdSZsBdLJlyH7E4f3K33y
MD5:	D5BB2F0F1694209F0C6AE5BA44DAC338
SHA1:	41B2CDE10C8937FC9607E608AF65EDF709033350
SHA-256:	20FC2ED4DA8AC625B83B6B84C1B88B534BC35B18DC8BD7521C66FFDABAB53738
SHA-512:	A713918E0F88AE62AFAC2A6202107CF547B962900BCB779C7C5C2C8A228C140AAC5191A50BDAF5718EAAE91446DB21648CF2A7B967B9029AF16F13E923FD6EE2
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248544897343531","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	438
Entropy (8bit):	5.228202408550959
Encrypted:	false
SSDEEP:	6:mJzyq2PN723iKKdKusNpqz4rRIFUtpYuVvz/1ZmwPYuVUxpRkwON723iKKdKusN9:gyvVa5KkmiuFUtp3NZ/P3kR5Oa5Kkm2J
MD5:	BCB6FBB3464FE44DE504016C6EF764BA
SHA1:	8747760E46F5D732F62CBD6D3BE554C347B6253D
SHA-256:	8306327FAC15C5FF03BFBA45C92AEFE8A69EC22A3CA09A275DDE69C46F4181F4
SHA-512:	1CB5BDFE7EE2F434CC31EC0CAD588C36A601EE4B18E3592AE679381DF804FC60794287236B47E7DD0C1BBCC489D7559B0A7F1110A07BEE5477322C0F18BF6278
Malicious:	false
Preview:	2021/08/03-22:11:21.799 1294 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/MANIFEST-000001.2021/08/03-22:11:21.800 1294 Recovering log #3.2021/08/03-22:11:21.801 1294 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	438
Entropy (8bit):	5.228202408550959
Encrypted:	false
SSDEEP:	6:mJzyq2PN723iKKdKusNpqz4rRIFUtpYuVvz/1ZmwPYuVUxpRkwON723iKKdKusN9:gyvVa5KkmiuFUtp3NZ/P3kR5Oa5Kkm2J
MD5:	BCB6FBB3464FE44DE504016C6EF764BA
SHA1:	8747760E46F5D732F62CBD6D3BE554C347B6253D
SHA-256:	8306327FAC15C5FF03BFBA45C92AEFE8A69EC22A3CA09A275DDE69C46F4181F4
SHA-512:	1CB5BDFE7EE2F434CC31EC0CAD588C36A601EE4B18E3592AE679381DF804FC60794287236B47E7DD0C1BBCC489D7559B0A7F1110A07BEE5477322C0F18BF6278
Malicious:	false
Preview:	2021/08/03-22:11:21.799 1294 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/MANIFEST-000001.2021/08/03-22:11:21.800 1294 Recovering log #3.2021/08/03-22:11:21.801 1294 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5l:5l
MD5:	E556F26DF3E95C19DBAECA8F5DF0C341
SHA1:	247A89F0557FC3666B5173833DB198B188F3AA2E
SHA-256:	B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3
SHA-512:	055BC4AB12FEEDF3245EAAF0A0109036909C44E3B69916F8A01E6C8459785317FE75CA6B28F8B339316FC2310D3E5392CD15DBDB0F84016667F304D377444E2E
Malicious:	false
Preview:	..&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	421
Entropy (8bit):	5.22088082657929
Encrypted:	false
SSDEEP:	6:mvmXq2PN723iKKdKusNpZQMxIFUtpsmYZmwPsmEGnkwON723iKKdKusNpZQMFLJ:8mXvVa5KkMFUtpsmY/Psmvn5Oa5KkTJ
MD5:	7486AA213617A78EFDCB4284C7DB2F83
SHA1:	6FEDD32DE29BCD691E7CC497A54DF46084DC041A
SHA-256:	DDEEDCA0041FA4A649DBC87F297883ED215BC08D82AC198B2D35CEFDA0BCB88D
SHA-512:	45F4E40AED2AD86935E7BF4AD2F76BBF4D8EF15F71D71ADAB87BAB7980A7978DF2E5F2CCD1BE6D13B0ED5019D646BC9D3334000B64E698B1DFF4C07DB221509F
Malicious:	false
Preview:	2021/08/03-22:11:37.726 c60 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/MANIFEST-000001.2021/08/03-22:11:37.728 c60 Recovering log #3.2021/08/03-22:11:37.729 c60 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	421
Entropy (8bit):	5.22088082657929
Encrypted:	false
SSDEEP:	6:mvmXq2PN723iKKdKusNpZQMxIFUtpsmYZmwPsmEGnkwON723iKKdKusNpZQMFLJ:8mXvVa5KkMFUtpsmY/Psmvn5Oa5KkTJ
MD5:	7486AA213617A78EFDCB4284C7DB2F83
SHA1:	6FEDD32DE29BCD691E7CC497A54DF46084DC041A
SHA-256:	DDEEDCA0041FA4A649DBC87F297883ED215BC08D82AC198B2D35CEFDA0BCB88D
SHA-512:	45F4E40AED2AD86935E7BF4AD2F76BBF4D8EF15F71D71ADAB87BAB7980A7978DF2E5F2CCD1BE6D13B0ED5019D646BC9D3334000B64E698B1DFF4C07DB221509F
Malicious:	false
Preview:	2021/08/03-22:11:37.726 c60 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/MANIFEST-000001.2021/08/03-22:11:37.728 c60 Recovering log #3.2021/08/03-22:11:37.729 c60 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\5fb122e3-dcc1-45f3-9060-44c74a3ebcc2.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	325
Entropy (8bit):	4.958114650763609
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV59YIEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3KnMRK3VY:YHO8sdXXEsBdLJlyH7E4f3K33y
MD5:	F08847672DDD58749FE32FEFD1DBBAE9
SHA1:	C4C1750B297311628D53B0D3DD473F3EDD6019E9
SHA-256:	4165A9C7A2CA81E34A969C02FC75FFA899F49A5B04899EBA10E341C44839CC90
SHA-512:	541C4ADF3A92398F61F1E90C9995FD9CCB668FF51F578968C6CCD73AB81AB24668D969A9F98A1B529F631022EF4A3D224D76B4EDCB656ADADB27A7E4065395A0
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248544901990438","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.19535324365485862
Encrypted:	false
SSDEEP:	3:8E:8
MD5:	C4DF0FB10C4332150B2C336396CE1B66
SHA1:	780A76E101DE3DE2E68D23E64AB1A44D47A73207
SHA-256:	18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6
SHA-512:	51F0B463E97063A2357285D684FF159FDF6099E57C46F13C83E9D3F09D7A7CF03C1BA684BCCF36232FC50834F95953C3C68675C7B05AB4F84DEF1C566A5F3F5E
Malicious:	false
Preview:	.'..(...................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	436
Entropy (8bit):	5.180460468482634
Encrypted:	false
SSDEEP:	12:OvVa5KkkGHArBFUtpb/Pfs5Oa5KkkGHAryJ:MVa5KkkGgPgcOa5KkkGga
MD5:	B3167151ABF84FB8FBA354879D0EBA23
SHA1:	C9468C8ABE803E03A912E58231A6230715D854B8
SHA-256:	5AF6CA87301ECE428DBE41D63AC512436AE080DA22950243988578B17FA48D17
SHA-512:	AE99EB80B4FF0E1087883514FD1E69BB9FA9AED24C7A28D809463632EAC3B02B2D6FD20C3BCA09C353A7F27037160277427C267AA72D64B80F85197C5894CF60
Malicious:	false
Preview:	2021/08/03-22:11:39.372 1804 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/MANIFEST-000001.2021/08/03-22:11:39.376 1804 Recovering log #3.2021/08/03-22:11:39.377 1804 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG.oldg (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	436
Entropy (8bit):	5.180460468482634
Encrypted:	false
SSDEEP:	12:OvVa5KkkGHArBFUtpb/Pfs5Oa5KkkGHAryJ:MVa5KkkGgPgcOa5KkkGga
MD5:	B3167151ABF84FB8FBA354879D0EBA23
SHA1:	C9468C8ABE803E03A912E58231A6230715D854B8
SHA-256:	5AF6CA87301ECE428DBE41D63AC512436AE080DA22950243988578B17FA48D17
SHA-512:	AE99EB80B4FF0E1087883514FD1E69BB9FA9AED24C7A28D809463632EAC3B02B2D6FD20C3BCA09C353A7F27037160277427C267AA72D64B80F85197C5894CF60
Malicious:	false
Preview:	2021/08/03-22:11:39.372 1804 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/MANIFEST-000001.2021/08/03-22:11:39.376 1804 Recovering log #3.2021/08/03-22:11:39.377 1804 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent StateD (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	325
Entropy (8bit):	4.958114650763609
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV59YIEsDHF4R8HLJ2AVQBR70S7PMVKJw1K3KnMRK3VY:YHO8sdXXEsBdLJlyH7E4f3K33y
MD5:	F08847672DDD58749FE32FEFD1DBBAE9
SHA1:	C4C1750B297311628D53B0D3DD473F3EDD6019E9
SHA-256:	4165A9C7A2CA81E34A969C02FC75FFA899F49A5B04899EBA10E341C44839CC90
SHA-512:	541C4ADF3A92398F61F1E90C9995FD9CCB668FF51F578968C6CCD73AB81AB24668D969A9F98A1B529F631022EF4A3D224D76B4EDCB656ADADB27A7E4065395A0
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248544901990438","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	435
Entropy (8bit):	5.179770146748672
Encrypted:	false
SSDEEP:	12:fL+vVa5KkkGHArqiuFUtphXW/P2LV5Oa5KkkGHArq2J:wVa5KkkGgCgfOa5KkkGg7
MD5:	33EB481731D876B3CBA1A5ACA652C2D0
SHA1:	EBBDCF73B314BD7DF5AEC68E910E16A824A30732
SHA-256:	1BD9C531EE37307DC81F55870702211372B00ED63F7DDAED3F56F1FA902BC195
SHA-512:	44EC580567ED23EBCC9C6C50203DEC59B65277F881D473FED9FD940665B311775740872F45A0D543EB0239D1CA9BA693866D29F0F8EBBD8F7A05E8A56FA97B89
Malicious:	false
Preview:	2021/08/03-22:11:39.376 53c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/MANIFEST-000001.2021/08/03-22:11:39.380 53c Recovering log #3.2021/08/03-22:11:39.382 53c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG.oldNE (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	435
Entropy (8bit):	5.179770146748672
Encrypted:	false
SSDEEP:	12:fL+vVa5KkkGHArqiuFUtphXW/P2LV5Oa5KkkGHArq2J:wVa5KkkGgCgfOa5KkkGg7
MD5:	33EB481731D876B3CBA1A5ACA652C2D0
SHA1:	EBBDCF73B314BD7DF5AEC68E910E16A824A30732
SHA-256:	1BD9C531EE37307DC81F55870702211372B00ED63F7DDAED3F56F1FA902BC195
SHA-512:	44EC580567ED23EBCC9C6C50203DEC59B65277F881D473FED9FD940665B311775740872F45A0D543EB0239D1CA9BA693866D29F0F8EBBD8F7A05E8A56FA97B89
Malicious:	false
Preview:	2021/08/03-22:11:39.376 53c Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/MANIFEST-000001.2021/08/03-22:11:39.380 53c Recovering log #3.2021/08/03-22:11:39.382 53c Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5l:5l
MD5:	E556F26DF3E95C19DBAECA8F5DF0C341
SHA1:	247A89F0557FC3666B5173833DB198B188F3AA2E
SHA-256:	B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3
SHA-512:	055BC4AB12FEEDF3245EAAF0A0109036909C44E3B69916F8A01E6C8459785317FE75CA6B28F8B339316FC2310D3E5392CD15DBDB0F84016667F304D377444E2E
Malicious:	false
Preview:	..&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	421
Entropy (8bit):	5.1604513461124535
Encrypted:	false
SSDEEP:	12:NvVa5KkkGHArAFUtpO/Pi5Oa5KkkGHArfJ:RVa5KkkGgkgVOa5KkkGgV
MD5:	17178DB6B7B855E9188CCCFC5EC63C49
SHA1:	105F64E6F90DA87282344A9F230DDB371E9FEB84
SHA-256:	EEEEDA99F912FFF76898BE3FAE03D763E3FA229206FA271777329E837CB18C46
SHA-512:	ABDA6FD6D0B0C425DDAD30A85E04F4D26137BA4CD1B4FD125C5DA8E82CD7F28C03EE2C1EE76C15AE3F9E58EA7A815878D7D2895A80FAE438CCA1B4011889B4C3
Malicious:	false
Preview:	2021/08/03-22:11:54.684 c60 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/MANIFEST-000001.2021/08/03-22:11:54.686 c60 Recovering log #3.2021/08/03-22:11:54.686 c60 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	421
Entropy (8bit):	5.1604513461124535
Encrypted:	false
SSDEEP:	12:NvVa5KkkGHArAFUtpO/Pi5Oa5KkkGHArfJ:RVa5KkkGgkgVOa5KkkGgV
MD5:	17178DB6B7B855E9188CCCFC5EC63C49
SHA1:	105F64E6F90DA87282344A9F230DDB371E9FEB84
SHA-256:	EEEEDA99F912FFF76898BE3FAE03D763E3FA229206FA271777329E837CB18C46
SHA-512:	ABDA6FD6D0B0C425DDAD30A85E04F4D26137BA4CD1B4FD125C5DA8E82CD7F28C03EE2C1EE76C15AE3F9E58EA7A815878D7D2895A80FAE438CCA1B4011889B4C3
Malicious:	false
Preview:	2021/08/03-22:11:54.684 c60 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/MANIFEST-000001.2021/08/03-22:11:54.686 c60 Recovering log #3.2021/08/03-22:11:54.686 c60 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	38
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:sgGg:st
MD5:	45A8ECA4E5C4A6B1395080C1B728B6C9
SHA1:	8A97BB0E599775D9A10C0FC53C4EDB29AA4CEB4E
SHA-256:	DB320AB28DFF27CDA0A7F87B82F2F8E61B3178A6DE8503753D76F1172D32E08E
SHA-512:	8EE91A3A1E77459273553F6A776C423A8EE95DB9DCFA897771814B7AD13FD84F06BB2B859F22B6DDA384B39EAA91F1819F170BABED6DA16BDBCF5BCB06CF2124
Malicious:	false
Preview:	..F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.172277393239594
Encrypted:	false
SSDEEP:	6:mJkTjUEQ+q2PN723iKKdKpIFUtpYklgZmwPYktkQVkwON723iKKdKa/WLJ:OEVvVa5KkmFUtpjg/PwI5Oa5KkaUJ
MD5:	44D1CDE56571812EE527483E4D0311C8
SHA1:	58B0A141E8E2993799F952A4313C4C4AF92549C3
SHA-256:	38BF131FC30663DEB41E6CD21CF418D618F03E457A5504FD68DEDF4E1DA136EE
SHA-512:	EF6AB7706B31BF703F9A74FAADADC58A4FFDE6278A9956CC62D184C9F3B4978C7A4DCB07FFDEE9A47EB46CA3D21698BD1FA3534C1A715A94FEEB2C51167D189A
Malicious:	false
Preview:	2021/08/03-22:11:21.264 1bf8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2021/08/03-22:11:21.271 1bf8 Recovering log #3.2021/08/03-22:11:21.272 1bf8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	330
Entropy (8bit):	5.172277393239594
Encrypted:	false
SSDEEP:	6:mJkTjUEQ+q2PN723iKKdKpIFUtpYklgZmwPYktkQVkwON723iKKdKa/WLJ:OEVvVa5KkmFUtpjg/PwI5Oa5KkaUJ
MD5:	44D1CDE56571812EE527483E4D0311C8
SHA1:	58B0A141E8E2993799F952A4313C4C4AF92549C3
SHA-256:	38BF131FC30663DEB41E6CD21CF418D618F03E457A5504FD68DEDF4E1DA136EE
SHA-512:	EF6AB7706B31BF703F9A74FAADADC58A4FFDE6278A9956CC62D184C9F3B4978C7A4DCB07FFDEE9A47EB46CA3D21698BD1FA3534C1A715A94FEEB2C51167D189A
Malicious:	false
Preview:	2021/08/03-22:11:21.264 1bf8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2021/08/03-22:11:21.271 1bf8 Recovering log #3.2021/08/03-22:11:21.272 1bf8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	405
Entropy (8bit):	5.29814015088267
Encrypted:	false
SSDEEP:	12:uBvVa5KkkOrsFUtpeC/Pe55Oa5KkkOrzJ:utVa5Kk+gglrOa5Kkn
MD5:	857A1FF0F9990688FC9C4590D7928D73
SHA1:	7876C70DEE529E7BEF5ED291CF184402D7D9CA93
SHA-256:	15812A0004FF089E0E2401886AD71F43B7778EE22002C4F43A6D743D350B6BD8
SHA-512:	5F5AA619C7A53FC79361BF34C931CFF5463DA29989442FF620EAA1192F09AC32C8F0539B04D968374A0959242F535FE980B8FA7ECD3AF0AA00A0DCD874B5BCA5
Malicious:	false
Preview:	2021/08/03-22:11:41.164 984 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/MANIFEST-000001.2021/08/03-22:11:41.166 984 Recovering log #3.2021/08/03-22:11:41.167 984 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	405
Entropy (8bit):	5.29814015088267
Encrypted:	false
SSDEEP:	12:uBvVa5KkkOrsFUtpeC/Pe55Oa5KkkOrzJ:utVa5Kk+gglrOa5Kkn
MD5:	857A1FF0F9990688FC9C4590D7928D73
SHA1:	7876C70DEE529E7BEF5ED291CF184402D7D9CA93
SHA-256:	15812A0004FF089E0E2401886AD71F43B7778EE22002C4F43A6D743D350B6BD8
SHA-512:	5F5AA619C7A53FC79361BF34C931CFF5463DA29989442FF620EAA1192F09AC32C8F0539B04D968374A0959242F535FE980B8FA7ECD3AF0AA00A0DCD874B5BCA5
Malicious:	false
Preview:	2021/08/03-22:11:41.164 984 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/MANIFEST-000001.2021/08/03-22:11:41.166 984 Recovering log #3.2021/08/03-22:11:41.167 984 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	874
Entropy (8bit):	5.555589712313329
Encrypted:	false
SSDEEP:	12:YmZ6Hk3O+UAnIvcJeJrNgmh4r+UAnIEJScNnYj+UAnIEORD2R7N+UAnIJImVWFKg:Yc6H0Uhc4G1KUe4aUe0i7wUrz3RUeHQ
MD5:	CE17A082965B9FC15643C0BA510EA367
SHA1:	E669C28427B9811E027C2A17E0F2B9098809C959
SHA-256:	FB59C6C5622931FF3B429E07E32725550F155EE855541F6DA82B6656339DBDE1
SHA-512:	1D74088BC8A4A34815F1493785D0B4DE3CDF8D138789456D67F5EDB725AEA00B4A9443044B1D3949764B33E63D70F385FD4754369CE94ED1124F1E3F14135898
Malicious:	false
Preview:	{"expect_ct":[],"sts":[{"expiry":1633015352.675531,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601479352.675536},{"expiry":1633015352.520557,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601479352.52056},{"expiry":1633015352.455722,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601479352.455726},{"expiry":1659589884.611829,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1628053884.611833},{"expiry":1633015352.814139,"host":"+ccWXqaoHJ9hfuXbleKV6FQUrBlyXAJ31BdqjNQJpHs=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601479352.814142}],"version":2}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	12
Entropy (8bit):	3.188721875540867
Encrypted:	false
SSDEEP:	3:2ocJ:pcJ
MD5:	87D0E0C07183A0AC6F58D19A0514C05E
SHA1:	12687FD4FF225B84DB5310DC6F8FE5E558EF66A4
SHA-256:	977E71FEED4D3A0384F33FE436D8501B8F0C31934E3D5F796E89A4C55A33AB0F
SHA-512:	CB6AE662ABDA611E9D681D0E21CA38F94EF08505D63DD3BE46093A2721180D3D86C362A584C3566591CC088EC21220ACCC585122D2F59DF1382BF36396922BBB
Malicious:	false
Preview:	......#uhS..

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\bd28ac8b-9d97-4bb3-b886-930e12e17f99.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5496
Entropy (8bit):	5.175595425494836
Encrypted:	false
SSDEEP:	96:nj4XbGqV9KTGSOLaAKIHP8xk0JCKL8robOTQVuwn:nj4XbF9KpOL9hs4Ksa
MD5:	C41593D95383AF2A8CCE0F4E28B3F218
SHA1:	B088B5D947C41C4D14EBFFBB2F31D0A7608824EC
SHA-256:	5A4CB5CEFA26B2BCE83D56A1712F45FB5C56CE92C9A6D7E58ECE75378EBAB786
SHA-512:	C427A3AC4EFA2CF05294ADD635BEAC3A4650D18F42F9F006669C755A29E93CF03DFD90D1CB2F8F43CD2BB0450AD4108EB20B27F51263F9EA7C5E725965F241FE
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272527481481332","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245952891998324","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245952963463509","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1501624"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d1f78f8b-5d61-455d-9668-afdb9351aefb.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5522
Entropy (8bit):	5.178506809926403
Encrypted:	false
SSDEEP:	96:nj4XbGTV9KTGSOLaAKIHP8xk0JCKL8r+bOTQVuwn:nj4Xbe9KpOL9hs4Kss
MD5:	41257B690C225E26C1D66A5C9863EFA7
SHA1:	4067BB912203E515C9DD8FF5169D6F6D02198BD0
SHA-256:	8A7BE79119FBE192BE92CAE96AB7BF7EA8C823CFF58476FC5A195E017E015D97
SHA-512:	71AEE8B338DEE6C81081B3E3AA5A65485D546588573649F6130BCD3F62018BAEE7B4A89D513480DD18DB8B52769DFB080FCB394BE317355E5A5202E98A6885F6
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272527481481332","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245952891998324","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245952963463509","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1501624"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	16
Entropy (8bit):	3.2743974703476995
Encrypted:	false
SSDEEP:	3:1sjgWIV//Rv:1qIFJ
MD5:	6752A1D65B201C13B62EA44016EB221F
SHA1:	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B
SHA-256:	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
SHA-512:	9CFD838D3FB570B44FC3461623AB2296123404C6C8F576B0DE0AABD9A6020840D4C9125EB679ED384170DBCAAC2FA30DC7FA9EE5B77D6DF7C344A0AA030E0389
Malicious:	false
Preview:	MANIFEST-000004.

Static File Info

General
File type:	HTML document, ASCII text, with very long lines, with CRLF line terminators
Entropy (8bit):	3.3020731933445333
TrID:
File name:	HSBC_Payment_slip_for Outstanding 001005l.htm
File size:	49957
MD5:	b61772141ff432e58420e5e499994567
SHA1:	29b5db79051c197028403a38cd3a1bc61f5eec37
SHA256:	ed22a74873af2f35b12b50548f25a43e2db46ddbe406a9033b2c86cc05f3cc11
SHA512:	4456fbc00eef8a07a0ddcecb25b32a7a39470a24e490054585a224ebdf46e016b26bdf913799886d81690678b8f47bfec52f7d898ff22043f651380dcc224b04
SSDEEP:	384:maWycSPTBPBE92bWBNQN4SaFF0AwGKrzLLuY/d1c4+GvArbOUaG4Mtd9z4NiDPmA:mp5+TA+b4MNSMjuPt
File Content Preview:	<script language="javascript">document.write( unescape( '%0A%3C%73%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65%3D%22%6A%61%76%61%73%63%72%69%70%74%22%3E%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%20%75%6E%65%73%63%61%70%65%28%20%27%0A%0A%0A%3C%21%44%4F%43

File Icon


Icon Hash:	e8d6a08c8882c461

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 3, 2021 22:11:24.252274990 CEST	49716	443	192.168.2.6	142.250.186.110
Aug 3, 2021 22:11:24.252412081 CEST	49717	443	192.168.2.6	192.229.221.185
Aug 3, 2021 22:11:24.252875090 CEST	49719	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.253281116 CEST	49720	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.253546000 CEST	49721	443	192.168.2.6	216.58.205.77
Aug 3, 2021 22:11:24.268984079 CEST	443	49717	192.229.221.185	192.168.2.6
Aug 3, 2021 22:11:24.269088984 CEST	49717	443	192.168.2.6	192.229.221.185
Aug 3, 2021 22:11:24.269392014 CEST	443	49719	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.269547939 CEST	49719	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.269910097 CEST	443	49720	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.269989967 CEST	49720	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.270945072 CEST	49720	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.271209955 CEST	49719	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.271378040 CEST	49717	443	192.168.2.6	192.229.221.185
Aug 3, 2021 22:11:24.275161982 CEST	443	49721	216.58.205.77	192.168.2.6
Aug 3, 2021 22:11:24.275305033 CEST	49721	443	192.168.2.6	216.58.205.77
Aug 3, 2021 22:11:24.279421091 CEST	443	49716	142.250.186.110	192.168.2.6
Aug 3, 2021 22:11:24.279555082 CEST	49716	443	192.168.2.6	142.250.186.110
Aug 3, 2021 22:11:24.282644987 CEST	49716	443	192.168.2.6	142.250.186.110
Aug 3, 2021 22:11:24.282844067 CEST	49721	443	192.168.2.6	216.58.205.77
Aug 3, 2021 22:11:24.287513971 CEST	443	49720	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.287550926 CEST	443	49720	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.287635088 CEST	443	49719	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.287744999 CEST	443	49719	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.287777901 CEST	443	49717	192.229.221.185	192.168.2.6
Aug 3, 2021 22:11:24.287852049 CEST	49720	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.287945986 CEST	443	49717	192.229.221.185	192.168.2.6
Aug 3, 2021 22:11:24.288147926 CEST	49719	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.288203001 CEST	49717	443	192.168.2.6	192.229.221.185
Aug 3, 2021 22:11:24.304373980 CEST	443	49721	216.58.205.77	192.168.2.6
Aug 3, 2021 22:11:24.304414988 CEST	443	49720	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.304666042 CEST	443	49720	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.304709911 CEST	443	49720	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.304749012 CEST	443	49720	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.304778099 CEST	443	49720	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.304806948 CEST	443	49719	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.304822922 CEST	49720	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.304841995 CEST	49720	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.304843903 CEST	443	49717	192.229.221.185	192.168.2.6
Aug 3, 2021 22:11:24.305056095 CEST	443	49719	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.305095911 CEST	443	49719	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.305143118 CEST	443	49719	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.305170059 CEST	49719	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.305176020 CEST	443	49719	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.305213928 CEST	443	49717	192.229.221.185	192.168.2.6
Aug 3, 2021 22:11:24.305252075 CEST	443	49717	192.229.221.185	192.168.2.6
Aug 3, 2021 22:11:24.305258036 CEST	49719	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.305289984 CEST	443	49717	192.229.221.185	192.168.2.6
Aug 3, 2021 22:11:24.305295944 CEST	49717	443	192.168.2.6	192.229.221.185
Aug 3, 2021 22:11:24.305316925 CEST	443	49717	192.229.221.185	192.168.2.6
Aug 3, 2021 22:11:24.305356979 CEST	49717	443	192.168.2.6	192.229.221.185
Aug 3, 2021 22:11:24.305686951 CEST	443	49720	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.305993080 CEST	443	49719	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.306041002 CEST	443	49717	192.229.221.185	192.168.2.6
Aug 3, 2021 22:11:24.309545040 CEST	443	49716	142.250.186.110	192.168.2.6
Aug 3, 2021 22:11:24.316875935 CEST	443	49716	142.250.186.110	192.168.2.6
Aug 3, 2021 22:11:24.316904068 CEST	443	49716	142.250.186.110	192.168.2.6
Aug 3, 2021 22:11:24.316924095 CEST	443	49716	142.250.186.110	192.168.2.6
Aug 3, 2021 22:11:24.316937923 CEST	443	49716	142.250.186.110	192.168.2.6
Aug 3, 2021 22:11:24.316953897 CEST	443	49716	142.250.186.110	192.168.2.6
Aug 3, 2021 22:11:24.316962957 CEST	49716	443	192.168.2.6	142.250.186.110
Aug 3, 2021 22:11:24.317001104 CEST	49716	443	192.168.2.6	142.250.186.110
Aug 3, 2021 22:11:24.320221901 CEST	443	49721	216.58.205.77	192.168.2.6
Aug 3, 2021 22:11:24.320240021 CEST	443	49721	216.58.205.77	192.168.2.6
Aug 3, 2021 22:11:24.321197033 CEST	49721	443	192.168.2.6	216.58.205.77
Aug 3, 2021 22:11:24.347595930 CEST	49719	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.369333029 CEST	49717	443	192.168.2.6	192.229.221.185
Aug 3, 2021 22:11:24.369400024 CEST	49720	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.738823891 CEST	49717	443	192.168.2.6	192.229.221.185
Aug 3, 2021 22:11:24.739898920 CEST	49720	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.740763903 CEST	49719	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.741048098 CEST	49719	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.741126060 CEST	49717	443	192.168.2.6	192.229.221.185
Aug 3, 2021 22:11:24.741405964 CEST	49720	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.741671085 CEST	49717	443	192.168.2.6	192.229.221.185
Aug 3, 2021 22:11:24.741743088 CEST	49720	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.741791964 CEST	49720	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.755577087 CEST	443	49717	192.229.221.185	192.168.2.6
Aug 3, 2021 22:11:24.755629063 CEST	443	49717	192.229.221.185	192.168.2.6
Aug 3, 2021 22:11:24.755691051 CEST	49717	443	192.168.2.6	192.229.221.185
Aug 3, 2021 22:11:24.755696058 CEST	443	49717	192.229.221.185	192.168.2.6
Aug 3, 2021 22:11:24.755724907 CEST	443	49717	192.229.221.185	192.168.2.6
Aug 3, 2021 22:11:24.755740881 CEST	49717	443	192.168.2.6	192.229.221.185
Aug 3, 2021 22:11:24.756335020 CEST	443	49720	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.756366014 CEST	443	49720	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.756386995 CEST	443	49720	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.756431103 CEST	443	49720	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.756505966 CEST	49720	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.757441044 CEST	443	49719	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.757472992 CEST	443	49719	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.757493019 CEST	443	49719	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.757550955 CEST	443	49719	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.757587910 CEST	49719	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.757632017 CEST	49719	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.757786989 CEST	443	49717	192.229.221.185	192.168.2.6
Aug 3, 2021 22:11:24.757879972 CEST	443	49717	192.229.221.185	192.168.2.6
Aug 3, 2021 22:11:24.757931948 CEST	49717	443	192.168.2.6	192.229.221.185
Aug 3, 2021 22:11:24.758099079 CEST	443	49720	152.199.23.37	192.168.2.6
Aug 3, 2021 22:11:24.758157015 CEST	49720	443	192.168.2.6	152.199.23.37
Aug 3, 2021 22:11:24.758413076 CEST	443	49720	152.199.23.37	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 3, 2021 22:11:13.631491899 CEST	64267	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:13.665293932 CEST	53	64267	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:14.352026939 CEST	49448	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:14.376812935 CEST	53	49448	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:15.159941912 CEST	60342	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:15.185002089 CEST	53	60342	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:15.983724117 CEST	61346	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:16.010313034 CEST	53	61346	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:17.443280935 CEST	51774	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:17.468425989 CEST	53	51774	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:19.010946035 CEST	56023	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:19.055583954 CEST	53	56023	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:19.849350929 CEST	58384	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:19.884068966 CEST	53	58384	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:20.906102896 CEST	60261	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:20.942028999 CEST	53	60261	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:22.372695923 CEST	56061	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:22.406512022 CEST	53	56061	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:24.172234058 CEST	54064	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:24.173527956 CEST	52811	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:24.180283070 CEST	55299	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:24.189606905 CEST	63745	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:24.192926884 CEST	50055	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:24.196686983 CEST	61374	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:24.205169916 CEST	53	54064	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:24.214615107 CEST	53	55299	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:24.216624022 CEST	53	52811	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:24.221544981 CEST	53	61374	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:24.233539104 CEST	53	63745	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:24.236311913 CEST	53	50055	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:25.168562889 CEST	63307	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:25.204116106 CEST	53	63307	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:25.399892092 CEST	49694	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:25.432102919 CEST	53	49694	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:25.519628048 CEST	54982	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:25.547405005 CEST	53	54982	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:26.041192055 CEST	50010	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:26.074856997 CEST	53	50010	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:26.258223057 CEST	63718	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:26.292907000 CEST	53	63718	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:26.562906027 CEST	62116	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:26.587620974 CEST	53	62116	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:27.646020889 CEST	63816	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:27.675067902 CEST	53	63816	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:29.022847891 CEST	51818	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:29.058721066 CEST	53	51818	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:30.241159916 CEST	56628	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:30.274224997 CEST	53	56628	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:31.055002928 CEST	60778	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:31.080053091 CEST	53	60778	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:31.701527119 CEST	53799	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:31.738789082 CEST	53	53799	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:32.626646042 CEST	64021	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:32.659250975 CEST	53	64021	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:35.519566059 CEST	56131	443	192.168.2.6	142.250.186.110
Aug 3, 2021 22:11:35.551311016 CEST	443	56131	142.250.186.110	192.168.2.6
Aug 3, 2021 22:11:35.801448107 CEST	443	56131	142.250.186.110	192.168.2.6
Aug 3, 2021 22:11:36.046029091 CEST	56131	443	192.168.2.6	142.250.186.110
Aug 3, 2021 22:11:36.077373981 CEST	443	56131	142.250.186.110	192.168.2.6
Aug 3, 2021 22:11:36.077404022 CEST	443	56131	142.250.186.110	192.168.2.6
Aug 3, 2021 22:11:36.077426910 CEST	443	56131	142.250.186.110	192.168.2.6
Aug 3, 2021 22:11:36.077447891 CEST	443	56131	142.250.186.110	192.168.2.6
Aug 3, 2021 22:11:36.079338074 CEST	56131	443	192.168.2.6	142.250.186.110
Aug 3, 2021 22:11:36.079518080 CEST	56131	443	192.168.2.6	142.250.186.110
Aug 3, 2021 22:11:36.081722021 CEST	56131	443	192.168.2.6	142.250.186.110
Aug 3, 2021 22:11:36.127024889 CEST	443	56131	142.250.186.110	192.168.2.6
Aug 3, 2021 22:11:36.242585897 CEST	56131	443	192.168.2.6	142.250.186.110
Aug 3, 2021 22:11:36.274372101 CEST	443	56131	142.250.186.110	192.168.2.6
Aug 3, 2021 22:11:36.311639071 CEST	56131	443	192.168.2.6	142.250.186.110
Aug 3, 2021 22:11:39.133661032 CEST	58177	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:39.174209118 CEST	53	58177	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:41.405837059 CEST	50700	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:41.439336061 CEST	53	50700	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:43.617897034 CEST	65084	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:43.626313925 CEST	52751	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:43.645543098 CEST	53	65084	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:43.651468039 CEST	53	52751	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:43.666299105 CEST	50286	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:43.691318989 CEST	53	50286	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:44.940519094 CEST	54069	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:44.974266052 CEST	53	54069	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:48.063467026 CEST	61178	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:48.107012987 CEST	53	61178	8.8.8.8	192.168.2.6
Aug 3, 2021 22:11:49.521677017 CEST	57017	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:11:49.554481983 CEST	53	57017	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:08.267263889 CEST	56327	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:08.299877882 CEST	53	56327	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:16.667552948 CEST	50243	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:16.700527906 CEST	53	50243	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:17.402462006 CEST	62055	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:17.430162907 CEST	53	62055	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:18.090934038 CEST	61249	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:18.139847994 CEST	53	61249	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:18.265731096 CEST	65252	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:18.301819086 CEST	53	65252	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:18.793315887 CEST	64367	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:18.826205969 CEST	53	64367	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:19.367527962 CEST	55066	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:19.401233912 CEST	53	55066	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:19.981221914 CEST	60211	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:20.013766050 CEST	53	60211	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:20.516388893 CEST	56570	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:20.549288988 CEST	53	56570	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:21.679414988 CEST	58454	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:21.715930939 CEST	53	58454	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:22.276420116 CEST	55180	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:22.312113047 CEST	53	55180	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:22.484884977 CEST	57691	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:22.512288094 CEST	53	57691	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:22.891222000 CEST	52943	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:22.923958063 CEST	53	52943	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:22.984200001 CEST	59489	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:23.016976118 CEST	53	59489	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:30.080877066 CEST	64022	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:30.118483067 CEST	53	64022	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:48.947951078 CEST	60023	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:48.991369009 CEST	53	60023	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:54.110948086 CEST	57193	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:54.160304070 CEST	53	57193	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:54.607218027 CEST	50248	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:54.609091997 CEST	64413	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:54.640722990 CEST	53	50248	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:54.646497965 CEST	53	64413	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:54.722804070 CEST	60429	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:54.763036013 CEST	53	60429	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:54.937522888 CEST	60345	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:54.962327003 CEST	58730	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:12:54.965306997 CEST	53	60345	8.8.8.8	192.168.2.6
Aug 3, 2021 22:12:55.014240980 CEST	53	58730	8.8.8.8	192.168.2.6
Aug 3, 2021 22:13:24.398344040 CEST	53830	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:13:24.421463966 CEST	57226	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:13:24.434148073 CEST	53	53830	8.8.8.8	192.168.2.6
Aug 3, 2021 22:13:24.463027954 CEST	53	57226	8.8.8.8	192.168.2.6
Aug 3, 2021 22:13:34.916838884 CEST	57880	53	192.168.2.6	8.8.8.8
Aug 3, 2021 22:13:34.952140093 CEST	53	57880	8.8.8.8	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Aug 3, 2021 22:11:24.172234058 CEST	192.168.2.6	8.8.8.8	0x18fe	Standard query (0)	raktaxis.co.uk	A (IP address)	IN (0x0001)
Aug 3, 2021 22:11:24.180283070 CEST	192.168.2.6	8.8.8.8	0xde3f	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)
Aug 3, 2021 22:11:24.189606905 CEST	192.168.2.6	8.8.8.8	0xa763	Standard query (0)	logincdn.msauth.net	A (IP address)	IN (0x0001)
Aug 3, 2021 22:11:24.192926884 CEST	192.168.2.6	8.8.8.8	0xd2c0	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)
Aug 3, 2021 22:11:24.196686983 CEST	192.168.2.6	8.8.8.8	0x19ca	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)
Aug 3, 2021 22:11:26.258223057 CEST	192.168.2.6	8.8.8.8	0x77b0	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)
Aug 3, 2021 22:11:39.133661032 CEST	192.168.2.6	8.8.8.8	0x5bbb	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Aug 3, 2021 22:11:24.205169916 CEST	8.8.8.8	192.168.2.6	0x18fe	Name error (3)	raktaxis.co.uk	none	none	A (IP address)	IN (0x0001)
Aug 3, 2021 22:11:24.214615107 CEST	8.8.8.8	192.168.2.6	0xde3f	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)
Aug 3, 2021 22:11:24.214615107 CEST	8.8.8.8	192.168.2.6	0xde3f	No error (0)	cs1100.wpc.omegacdn.net		152.199.23.37	A (IP address)	IN (0x0001)
Aug 3, 2021 22:11:24.221544981 CEST	8.8.8.8	192.168.2.6	0x19ca	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)
Aug 3, 2021 22:11:24.221544981 CEST	8.8.8.8	192.168.2.6	0x19ca	No error (0)	clients.l.google.com		142.250.186.110	A (IP address)	IN (0x0001)
Aug 3, 2021 22:11:24.233539104 CEST	8.8.8.8	192.168.2.6	0xa763	No error (0)	logincdn.msauth.net	lgincdn.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)
Aug 3, 2021 22:11:24.233539104 CEST	8.8.8.8	192.168.2.6	0xa763	No error (0)	cs1227.wpc.alphacdn.net		192.229.221.185	A (IP address)	IN (0x0001)
Aug 3, 2021 22:11:24.236311913 CEST	8.8.8.8	192.168.2.6	0xd2c0	No error (0)	accounts.google.com		216.58.205.77	A (IP address)	IN (0x0001)
Aug 3, 2021 22:11:26.292907000 CEST	8.8.8.8	192.168.2.6	0x77b0	No error (0)	aadcdn.msftauth.net	cs1100.wpc.omegacdn.net		CNAME (Canonical name)	IN (0x0001)
Aug 3, 2021 22:11:26.292907000 CEST	8.8.8.8	192.168.2.6	0x77b0	No error (0)	cs1100.wpc.omegacdn.net		152.199.23.37	A (IP address)	IN (0x0001)
Aug 3, 2021 22:11:39.174209118 CEST	8.8.8.8	192.168.2.6	0x5bbb	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Aug 3, 2021 22:11:39.174209118 CEST	8.8.8.8	192.168.2.6	0x5bbb	No error (0)	googlehosted.l.googleusercontent.com		216.58.208.129	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Aug 3, 2021 22:11:26.344789982 CEST	152.199.23.37	443	192.168.2.6	49735	CN=aadcdn.msftauth.net, O=Microsoft Corporation, L=Redmond, ST=Washington, C=US CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Thu May 13 02:00:00 CEST 2021 Wed Sep 23 02:00:00 CEST 2020 Fri Nov 10 01:00:00 CET 2006	Sat May 14 01:59:59 CEST 2022 Mon Sep 23 01:59:59 CEST 2030 Mon Nov 10 01:00:00 CET 2031	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Wed Sep 23 02:00:00 CEST 2020	Mon Sep 23 01:59:59 CEST 2030
					CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US	Fri Nov 10 01:00:00 CET 2006	Mon Nov 10 01:00:00 CET 2031

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exe PID: 6988 Parent PID: 1012

General

Start time:	22:11:20
Start date:	03/08/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'C:\Users\user\Desktop\HSBC_Payment_slip_for Outstanding 001005l.htm'
Imagebase:	0x7ff7c15e0000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: chrome.exe PID: 5080 Parent PID: 6988

General

Start time:	22:11:21
Start date:	03/08/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1588,14998763898602745597,3575006488296636630,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1700 /prefetch:8
Imagebase:	0x7ff7c15e0000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report HSBC_Payment_slip_for Outstanding 001005l.htm

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Initial Sample

Sigma Overview

Jbx Signature Overview

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: chrome.exe PID: 6988 Parent PID: 1012

General

Analysis Process: chrome.exe PID: 5080 Parent PID: 6988

General

Disassembly