Play interactive tour

Edit tour

Windows Analysis Report State Settlement Copy.html

Overview

General Information

Sample Name:	State Settlement Copy.html
Analysis ID:	458968
MD5:	3ddfedf04fbd4845a8ff73e736d08add
SHA1:	936084447f9cba083697ec7e392c833476f3406c
SHA256:	111442186d007f4e43de930b5bef6cd92bafe101557890f6ffd2d9c7b685a2d0
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

Yara detected HtmlPhish44

Yara detected obfuscated html page

HTML body contains low number of good links

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

No HTML title found

None HTTPS page querying sensitive user data (password, username or email)

Suspicious form URL found

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5784 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'C:\Users\user\Desktop\State Settlement Copy.html' MD5: C139654B5C1438A95B321BB01AD63EF6)

chrome.exe (PID: 5644 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1636,2459575167211995088,13394836041496998709,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1696 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)

cleanup

Malware Configuration

No configs have been found

Yara Overview

Initial Sample

Source	Rule	Description	Author	Strings
State Settlement Copy.html	JoeSecurity_Obshtml	Yara detected obfuscated html page	Joe Security
State Settlement Copy.html	JoeSecurity_HtmlPhish_44	Yara detected HtmlPhish_44	Joe Security

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

Phishing:

Yara detected HtmlPhish10

Show sources

Source: Yara match

File source: 13434.0.pages.csv, type: HTML

Yara detected HtmlPhish44

Show sources

Source: Yara match

File source: State Settlement Copy.html, type: SAMPLE

Yara detected obfuscated html page

Show sources

Source: Yara match

File source: State Settlement Copy.html, type: SAMPLE

Source: file:///C:/Users/user/Desktop/State%20Settlement%20Copy.html	HTTP Parser: Number of links: 0
Source: file:///C:/Users/user/Desktop/State%20Settlement%20Copy.html	HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/Desktop/State%20Settlement%20Copy.html	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/State%20Settlement%20Copy.html	HTTP Parser: HTML title missing

Source: file:///C:/Users/user/Desktop/State%20Settlement%20Copy.html	HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/user/Desktop/State%20Settlement%20Copy.html	HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/State%20Settlement%20Copy.html	HTTP Parser: Form action: https://mazdel.com/wp-content/off.php
Source: file:///C:/Users/user/Desktop/State%20Settlement%20Copy.html	HTTP Parser: Form action: https://mazdel.com/wp-content/off.php

Source: file:///C:/Users/user/Desktop/State%20Settlement%20Copy.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/State%20Settlement%20Copy.html	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/State%20Settlement%20Copy.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/State%20Settlement%20Copy.html	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\5784_142391203\LICENSE.txt

Jump to behavior

Source: unknown	HTTPS traffic detected: 185.151.30.153:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 70.36.99.230:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 176.9.17.111:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.151.30.153:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 70.36.99.230:443 -> 192.168.2.5:49735 version: TLS 1.2

Source: Joe Sandbox View

IP Address: 239.255.255.250 239.255.255.250

Source: Joe Sandbox View	JA3 fingerprint: b32309a26951912be7dba376398abc3b
Source: Joe Sandbox View	JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: Ruleset Data.0.dr	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Ruleset Data.0.dr	String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: 77EC63BDA74BD0D0E0426DC8F8008506.2.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: Reporting and NEL.2.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=fQUltQsVT%2Bc6VlTjJQLGrl7%2FFRzekZfgWOIaxObRNZyrEGl2%2Fs5hk
Source: manifest.json0.0.dr, ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr, bb7a29b8-8969-482a-ae5b-87fd5e1b8c7d.tmp.2.dr	String found in binary or memory: https://accounts.google.com
Source: manifest.json0.0.dr, ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr, bb7a29b8-8969-482a-ae5b-87fd5e1b8c7d.tmp.2.dr	String found in binary or memory: https://apis.google.com
Source: ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr	String found in binary or memory: https://cdn.mosoah.com
Source: ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr, bb7a29b8-8969-482a-ae5b-87fd5e1b8c7d.tmp.2.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json0.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr, bb7a29b8-8969-482a-ae5b-87fd5e1b8c7d.tmp.2.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: manifest.json0.0.dr	String found in binary or memory: https://content.googleapis.com
Source: Reporting and NEL.2.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external
Source: 4e22a8c8-c42a-4fbe-a5b6-2f7e75ea3527.tmp.2.dr, ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, 4b36cb26-fbc3-43ea-8d7a-8dc1df58ddd0.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr, bb7a29b8-8969-482a-ae5b-87fd5e1b8c7d.tmp.2.dr	String found in binary or memory: https://dns.google
Source: manifest.json0.0.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr, bb7a29b8-8969-482a-ae5b-87fd5e1b8c7d.tmp.2.dr	String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr, bb7a29b8-8969-482a-ae5b-87fd5e1b8c7d.tmp.2.dr	String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: manifest.json0.0.dr	String found in binary or memory: https://hangouts.google.com/
Source: ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr	String found in binary or memory: https://letsteachtheworld.org
Source: Current Session.0.dr	String found in binary or memory: https://mazdel.com/wp-content/off.php
Source: ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr, bb7a29b8-8969-482a-ae5b-87fd5e1b8c7d.tmp.2.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr	String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr, bb7a29b8-8969-482a-ae5b-87fd5e1b8c7d.tmp.2.dr	String found in binary or memory: https://ssl.gstatic.com
Source: messages.json41.0.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr	String found in binary or memory: https://t4.ftcdn.net
Source: manifest.json0.0.dr, ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr, bb7a29b8-8969-482a-ae5b-87fd5e1b8c7d.tmp.2.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.google.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://www.google.com;
Source: ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr, bb7a29b8-8969-482a-ae5b-87fd5e1b8c7d.tmp.2.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr, bb7a29b8-8969-482a-ae5b-87fd5e1b8c7d.tmp.2.dr	String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.0.dr	String found in binary or memory: https://www.gstatic.com;

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 185.151.30.153:443 -> 192.168.2.5:49719 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 70.36.99.230:443 -> 192.168.2.5:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 176.9.17.111:443 -> 192.168.2.5:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 185.151.30.153:443 -> 192.168.2.5:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 70.36.99.230:443 -> 192.168.2.5:49735 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.winHTML@33/224@12/12

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-610A3126-1698.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\dd55306c-a3c9-4de3-a1a9-769cfea0d70f.tmp

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'C:\Users\user\Desktop\State Settlement Copy.html'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1636,2459575167211995088,13394836041496998709,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1696 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1636,2459575167211995088,13394836041496998709,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1696 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\5784_142391203\LICENSE.txt

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Masquerading3	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Encrypted Channel2	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Process Injection1	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Application Layer Protocol1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information1	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Application Layer Protocol2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

No Antivirus matches

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source	Detection	Scanner	Link
letsteachtheworld.org	0%	Virustotal	Browse
temperfield.com	0%	Virustotal	Browse
www.kindpng.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label
https://dns.google	0%	URL Reputation	safe
https://mazdel.com/wp-content/off.php	0%	Avira URL Cloud	safe
https://www.google.com;	0%	Avira URL Cloud	safe
https://letsteachtheworld.org	0%	Avira URL Cloud	safe
https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
accounts.google.com	216.58.205.77	true	false		high
letsteachtheworld.org	185.151.30.153	true	false	0%, Virustotal, Browse	unknown
freepnglogos.com	176.9.17.111	true	false		high
temperfield.com	31.14.15.249	true	false	0%, Virustotal, Browse	unknown
clients.l.google.com	216.58.212.174	true	false		high
cdn.mosoah.com	172.67.75.3	true	false		high
googlehosted.l.googleusercontent.com	216.58.208.129	true	false		high
www.kindpng.com	70.36.99.230	true	false	0%, Virustotal, Browse	unknown
clients2.googleusercontent.com	unknown	unknown	false		high
clients2.google.com	unknown	unknown	false		high
t4.ftcdn.net	unknown	unknown	false		high
www.freepnglogos.com	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Desktop/State%20Settlement%20Copy.html	true		low

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.google.com	manifest.json0.0.dr, ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr, bb7a29b8-8969-482a-ae5b-87fd5e1b8c7d.tmp.2.dr	false		high
https://dns.google	4e22a8c8-c42a-4fbe-a5b6-2f7e75ea3527.tmp.2.dr, ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, 4b36cb26-fbc3-43ea-8d7a-8dc1df58ddd0.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr, bb7a29b8-8969-482a-ae5b-87fd5e1b8c7d.tmp.2.dr	false	URL Reputation: safe	unknown
https://ogs.google.com	ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr, bb7a29b8-8969-482a-ae5b-87fd5e1b8c7d.tmp.2.dr	false		high
https://support.google.com/chromecast/troubleshooter/2995236	messages.json41.0.dr	false		high
https://mazdel.com/wp-content/off.php	Current Session.0.dr	false	Avira URL Cloud: safe	unknown
https://t4.ftcdn.net	ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr	false		high
https://a.nel.cloudflare.com/report/v3?s=fQUltQsVT%2Bc6VlTjJQLGrl7%2FFRzekZfgWOIaxObRNZyrEGl2%2Fs5hk	Reporting and NEL.2.dr	false		high
https://accounts.google.com	manifest.json0.0.dr, ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr, bb7a29b8-8969-482a-ae5b-87fd5e1b8c7d.tmp.2.dr	false		high
https://payments.google.com/payments/v4/js/integrator.js	manifest.json.0.dr	false		high
https://www.google.com;	manifest.json0.0.dr	false	Avira URL Cloud: safe	low
https://support.google.com/chromecast/answer/2998456	messages.json41.0.dr	false		high
https://hangouts.google.com/	manifest.json0.0.dr	false		high
https://letsteachtheworld.org	ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr	false	Avira URL Cloud: safe	unknown
https://cdn.mosoah.com	ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr	false		high
https://clients2.googleusercontent.com	ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr, bb7a29b8-8969-482a-ae5b-87fd5e1b8c7d.tmp.2.dr	false		high
https://apis.google.com	manifest.json0.0.dr, ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr, bb7a29b8-8969-482a-ae5b-87fd5e1b8c7d.tmp.2.dr	false		high
https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external	Reporting and NEL.2.dr	false	URL Reputation: safe	unknown
https://sandbox.google.com/payments/v4/js/integrator.js	manifest.json.0.dr	false		high
https://www.google.com/	manifest.json.0.dr	false		high
https://feedback.googleusercontent.com	manifest.json0.0.dr	false		high
https://clients2.google.com	ff9768f9-45ea-456c-93ad-4b7a197e8973.tmp.2.dr, a55005c2-44bb-4dd7-b605-bf9447383684.tmp.2.dr, bb7a29b8-8969-482a-ae5b-87fd5e1b8c7d.tmp.2.dr	false		high
https://clients2.google.com/service/update2/crx	manifest.json0.0.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
172.67.75.3	cdn.mosoah.com	United States	13335	CLOUDFLARENETUS	false
31.14.15.249	temperfield.com	Romania	5588	GTSCEGTSCentralEuropeAntelGermanyCZ	false
216.58.205.77	accounts.google.com	United States	15169	GOOGLEUS	false
70.36.99.230	www.kindpng.com	United States	22439	PERFECT-INTERNATIONALUS	false
185.151.30.153	letsteachtheworld.org	United Kingdom	48254	TWENTYIGB	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
176.9.17.111	freepnglogos.com	Germany	24940	HETZNER-ASDE	false
216.58.208.129	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
216.58.212.174	clients.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
192.168.2.3
127.0.0.1

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	458968
Start date:	03.08.2021
Start time:	23:17:23
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 10s
Hypervisor based Inspection enabled:	false
Report type:	light
Sample file name:	State Settlement Copy.html
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	26
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.winHTML@33/224@12/12
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .html
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe TCP Packets have been reduced to 100 Created / dropped Files have been reduced to 100 Excluded IPs from analysis (whitelisted): 40.88.32.150, 13.88.21.125, 23.211.6.115, 151.101.1.167, 151.101.65.167, 151.101.129.167, 151.101.193.167, 142.250.184.110, 142.250.180.163, 74.125.8.72, 13.107.4.50, 209.85.226.8, 142.250.184.106, 216.58.198.10, 216.58.198.42, 216.58.205.74, 172.217.21.74, 142.250.180.74, 142.250.180.106, 142.250.180.138, 142.250.180.170, 216.58.206.42, 216.58.206.74, 216.58.208.138, 216.58.208.170, 216.58.209.42, 142.250.184.42, 142.250.184.74, 23.211.4.86, 20.82.210.154, 51.103.5.159, 20.54.110.249, 40.112.88.60, 80.67.82.211, 80.67.82.235, 216.58.208.131, 74.125.8.70, 216.58.209.35, 204.79.197.200, 13.107.21.200, 74.125.100.136 Excluded domains from analysis (whitelisted): r3---sn-5hneknee.gvt1.com, clientservices.googleapis.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, skypedataprdcoleus15.cloudapp.net, r2.sn-5hnedn7e.gvt1.com, audownload.windowsupdate.nsatc.net, www-bing-com.dual-a-0001.a-msedge.net, update.googleapis.com, watson.telemetry.microsoft.com, elasticShed.au.au-msedge.net, www.gstatic.com, r3.sn-5hneknee.gvt1.com, au-bg-shim.trafficmanager.net, www.bing.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, dual-a-0001.a-msedge.net, ris-prod.trafficmanager.net, r1.sn-5hneknee.gvt1.com, r2---sn-5hnedn7e.gvt1.com, www.googleapis.com, ris.api.iris.microsoft.com, au.au-msedge.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, r1---sn-5hneknee.gvt1.com, store-images.s-microsoft.com-c.edgekey.net, Edge-Prod-FRA.env.au.au-msedge.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, r3.sn-5hnekn76.gvt1.com, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, redirector.gvt1.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, client.wns.windows.com, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, c-0001.c-msedge.net, e1723.g.akamaiedge.net, afdap.au.au-msedge.net, r3---sn-5hnekn76.gvt1.com, b.shared.global.fastly.net, a-0001.a-afdentry.net.trafficmanager.net, au.c-0001.c-msedge.net, skypedataprdcolwus15.cloudapp.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtQueryVolumeInformationFile calls found. Report size getting too big, too many NtSetInformationFile calls found. Report size getting too big, too many NtWriteVirtualMemory calls found.

Simulations

Behavior and APIs

Time	Type	Description
23:18:20	API Interceptor	2x Sleep call for process: chrome.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
185.151.30.153	Xerox Fax Copy.html	Get hash	malicious	Browse
239.255.255.250	HSBC_Payment_slip_for Outstanding 001005l.htm	Get hash	malicious	Browse
	ATT80307.HTM	Get hash	malicious	Browse
	2C.TA9.HTML	Get hash	malicious	Browse
	Project Proposal and Analysis.html	Get hash	malicious	Browse
	Dosusign_Na_Sign.htm	Get hash	malicious	Browse
	sbcss_Richard.DeNava_#inv0549387TWQYqzTPaYeqvaYMnpdIfJAwwzbguzauViQVRRplvOktNmAire.HTM	Get hash	malicious	Browse
	Fake.HTM	Get hash	malicious	Browse
	6dAzFehHE6.doc	Get hash	malicious	Browse
	vcufsCgeP2.doc	Get hash	malicious	Browse
	#Ud83d#Udda8rocket.com 7335931#Ufffd90-queue-1675.htm	Get hash	malicious	Browse
	ATT66004.HTM	Get hash	malicious	Browse
	0803_0212424605.doc	Get hash	malicious	Browse
	psconstruction.ca Attachment.htm	Get hash	malicious	Browse
	minha-conta-06082021.msi	Get hash	malicious	Browse
	BadFile.HTM	Get hash	malicious	Browse
	OneDrive-besked.htm	Get hash	malicious	Browse
	SARS_DOCUMENT - Copy.html	Get hash	malicious	Browse
	SARS_DOCUMENT - Copy.html	Get hash	malicious	Browse
	Xerox Scan_367136092111.html	Get hash	malicious	Browse
	_vm000_294943583.HtM	Get hash	malicious	Browse
176.9.17.111	Xerox Fax Copy.html	Get hash	malicious	Browse
176.9.17.111	midmark_Invoice191929.html	Get hash	malicious	Browse
31.14.15.249	Xerox Fax Copy.html	Get hash	malicious	Browse
70.36.99.230	Xerox Fax Copy.html	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
cdn.mosoah.com	Xerox Fax Copy.html	Get hash	malicious	Browse	104.26.3.120
letsteachtheworld.org	Xerox Fax Copy.html	Get hash	malicious	Browse	185.151.30.153
temperfield.com	Xerox Fax Copy.html	Get hash	malicious	Browse	31.14.15.249
www.kindpng.com	Xerox Fax Copy.html	Get hash	malicious	Browse	70.36.99.230
	SOC_0#7198, INV#512 Via GoogleDocs gracechung.html	Get hash	malicious	Browse	173.208.139.132
	https://wolusozai.web.app/yuniri-%E9%AB%98%E9%BD%A2%E8%80%85-%E7%84%A1%E6%96%99%E3%82%A4%E3%83%A9%E3%82%B9%E3%83%88.html	Get hash	malicious	Browse	173.208.139.133

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
CLOUDFLARENETUS	Request Quotation.exe	Get hash	malicious	Browse	172.67.188.154
	invoice.vbs	Get hash	malicious	Browse	162.159.130.233
	kKZZ0J8y0c.exe	Get hash	malicious	Browse	104.21.19.200
	RFQ 29.exe	Get hash	malicious	Browse	104.21.19.200
	ATT80307.HTM	Get hash	malicious	Browse	104.16.19.94
	2C.TA9.HTML	Get hash	malicious	Browse	104.18.11.207
	Dosusign_Na_Sign.htm	Get hash	malicious	Browse	172.67.145.176
	RoyalMail_Requestform0729.exe	Get hash	malicious	Browse	172.67.188.154
	sbcss_Richard.DeNava_#inv0549387TWQYqzTPaYeqvaYMnpdIfJAwwzbguzauViQVRRplvOktNmAire.HTM	Get hash	malicious	Browse	104.16.18.94
	Fake.HTM	Get hash	malicious	Browse	104.16.19.94
	RoyalMail_Requestform1.exe	Get hash	malicious	Browse	172.67.188.154
	Nouveau bon de commande. 3007021_pdf.exe	Get hash	malicious	Browse	23.227.38.74
	MFS0175, MFS0117 MFS0194.exe	Get hash	malicious	Browse	172.67.188.154
	ORIGINAL PROFORMA INVOICE COAU7220898130,PDF.exe	Get hash	malicious	Browse	172.67.176.89
	Purchase Requirements.exe	Get hash	malicious	Browse	23.227.38.74
	items.doc	Get hash	malicious	Browse	104.21.19.200
	ZI09484474344.exe	Get hash	malicious	Browse	104.21.49.41
	#Ud83d#Udda8rocket.com 7335931#Ufffd90-queue-1675.htm	Get hash	malicious	Browse	104.16.19.94
	ATT66004.HTM	Get hash	malicious	Browse	104.16.19.94
	JUP2A9ptp5.exe	Get hash	malicious	Browse	104.21.19.200
GTSCEGTSCentralEuropeAntelGermanyCZ	wz4R1rqU7p	Get hash	malicious	Browse	91.120.164.11
	w4MaMzd0i1	Get hash	malicious	Browse	193.86.165.98
	NQrs7jd2jx	Get hash	malicious	Browse	193.226.175.125
	SecuriteInfo.com.Linux.Mirai.27.23761.13200	Get hash	malicious	Browse	193.86.95.230
	sEpm2xTkk2	Get hash	malicious	Browse	178.183.111.139
	jSZ8nD73MZ	Get hash	malicious	Browse	212.146.102.50
	nFXksLiE0m	Get hash	malicious	Browse	217.153.110.225
	lBuWpqnzMD	Get hash	malicious	Browse	62.168.37.198
	27iqIAFu9e	Get hash	malicious	Browse	94.42.249.42
	4DbZgU95hN	Get hash	malicious	Browse	212.38.198.225
	MMrfxxpTLP	Get hash	malicious	Browse	193.85.183.14
	l6ozR6Dwui	Get hash	malicious	Browse	195.39.56.201
	Xerox Fax Copy.html	Get hash	malicious	Browse	31.14.15.249
	S0qI7cmeOW	Get hash	malicious	Browse	178.183.111.131
	GEso3CniSk	Get hash	malicious	Browse	94.42.225.83
	C4PozjQdGE	Get hash	malicious	Browse	157.25.181.142
	yZEHOt8K7X	Get hash	malicious	Browse	178.183.73.179
	wy2BysBF1U	Get hash	malicious	Browse	158.255.22.229
	Rl9KiguX35	Get hash	malicious	Browse	195.56.87.170
	popsmoke.mpsl	Get hash	malicious	Browse	62.168.37.162
TWENTYIGB	Xerox Fax Copy.html	Get hash	malicious	Browse	185.151.30.153
	xwKdahKPn8.exe	Get hash	malicious	Browse	185.151.30.147
	tgix.exe	Get hash	malicious	Browse	185.151.30.166
	Financial Results April 21.pptx (9,753K).exe	Get hash	malicious	Browse	185.151.30.150
	Purchase Orders.exe	Get hash	malicious	Browse	185.151.30.171
	NEW-ORDER No-004353.exe	Get hash	malicious	Browse	185.151.30.166
	New Order-756678 SEG.exe	Get hash	malicious	Browse	185.151.30.138
	packet426.exe	Get hash	malicious	Browse	185.151.30.165
	document-1900770373.xls	Get hash	malicious	Browse	185.151.30.170
	document-1900770373.xls	Get hash	malicious	Browse	185.151.30.170
	ransomware.exe	Get hash	malicious	Browse	185.151.30.147
	61vPFITGkbgCrMT.exe	Get hash	malicious	Browse	185.151.30.167
	3KvCNpcQ6tvwKr5.exe	Get hash	malicious	Browse	185.151.30.167
	SEA LION LOGISTICS-URGENT QUOTATION.exe	Get hash	malicious	Browse	185.151.30.167
	Amazon_eGift-Card.451219634.doc	Get hash	malicious	Browse	185.151.30.145
	eGift-CardAmazon.907427310.doc	Get hash	malicious	Browse	185.151.30.145
	Order_Gift_Card_411022863.doc	Get hash	malicious	Browse	185.151.30.145
	https://warleyroad.calderdale.sch.uk/folded/recovery/index.php?email=w_allender@bmifcu.org	Get hash	malicious	Browse	185.151.31.155
	PO_scan000000100205032.exe	Get hash	malicious	Browse	185.151.30.148
PERFECT-INTERNATIONALUS	Xerox Fax Copy.html	Get hash	malicious	Browse	70.36.99.230
PERFECT-INTERNATIONALUS	uTorrent.exe	Get hash	malicious	Browse	74.222.26.197

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
b32309a26951912be7dba376398abc3b	ATT80307.HTM	Get hash	malicious	Browse	185.151.30.153 70.36.99.230
	sbcss_Richard.DeNava_#inv0549387TWQYqzTPaYeqvaYMnpdIfJAwwzbguzauViQVRRplvOktNmAire.HTM	Get hash	malicious	Browse	185.151.30.153 70.36.99.230
	Fake.HTM	Get hash	malicious	Browse	185.151.30.153 70.36.99.230
	ATT66004.HTM	Get hash	malicious	Browse	185.151.30.153 70.36.99.230
	BadFile.HTM	Get hash	malicious	Browse	185.151.30.153 70.36.99.230
	SARS_DOCUMENT - Copy.html	Get hash	malicious	Browse	185.151.30.153 70.36.99.230
	SARS_DOCUMENT - Copy.html	Get hash	malicious	Browse	185.151.30.153 70.36.99.230
	Xerox Scan_367136092111.html	Get hash	malicious	Browse	185.151.30.153 70.36.99.230
	_vm000_294943583.HtM	Get hash	malicious	Browse	185.151.30.153 70.36.99.230
	ATT17444.HTM	Get hash	malicious	Browse	185.151.30.153 70.36.99.230
	ATT75446.HTM	Get hash	malicious	Browse	185.151.30.153 70.36.99.230
	ATT23582.HTM	Get hash	malicious	Browse	185.151.30.153 70.36.99.230
	HTM.html	Get hash	malicious	Browse	185.151.30.153 70.36.99.230
	ATT96886.HTM	Get hash	malicious	Browse	185.151.30.153 70.36.99.230
	ATT04604.HTM	Get hash	malicious	Browse	185.151.30.153 70.36.99.230
	93ejLcdBh5.exe	Get hash	malicious	Browse	185.151.30.153 70.36.99.230
	globalfoundries_MNT484_XEROStubs_XjJzNZsjSWLmtRAHrKczAOlwztYjTcVMspUZaJnMJERgMTdevl.HTML	Get hash	malicious	Browse	185.151.30.153 70.36.99.230
	Ach Remittance advice.xlsx	Get hash	malicious	Browse	185.151.30.153 70.36.99.230
	Ach Remittance advice.xlsx	Get hash	malicious	Browse	185.151.30.153 70.36.99.230
	Coved Facture.html	Get hash	malicious	Browse	185.151.30.153 70.36.99.230
37f463bf4616ecd445d4a1937da06e19	HSBC_Payment_slip_for Outstanding 001005l.htm	Get hash	malicious	Browse	185.151.30.153 176.9.17.111 70.36.99.230
	ATT80307.HTM	Get hash	malicious	Browse	185.151.30.153 176.9.17.111 70.36.99.230
	Project Proposal and Analysis.html	Get hash	malicious	Browse	185.151.30.153 176.9.17.111 70.36.99.230
	Fake.HTM	Get hash	malicious	Browse	185.151.30.153 176.9.17.111 70.36.99.230
	Ban.exe	Get hash	malicious	Browse	185.151.30.153 176.9.17.111 70.36.99.230
	TpZ10Hfjov.exe	Get hash	malicious	Browse	185.151.30.153 176.9.17.111 70.36.99.230
	ATT66004.HTM	Get hash	malicious	Browse	185.151.30.153 176.9.17.111 70.36.99.230
	REQUEST FOR QUOTATION.exe	Get hash	malicious	Browse	185.151.30.153 176.9.17.111 70.36.99.230
	OneDrive-besked.htm	Get hash	malicious	Browse	185.151.30.153 176.9.17.111 70.36.99.230
	PdQwZoWgs2.ppt	Get hash	malicious	Browse	185.151.30.153 176.9.17.111 70.36.99.230
	Wyzntjzprmmvqdtdrthurezrzhdavabchs.exe	Get hash	malicious	Browse	185.151.30.153 176.9.17.111 70.36.99.230
	Wyzntjzprmmvqdtdrthurezrzhdavabchs.exe	Get hash	malicious	Browse	185.151.30.153 176.9.17.111 70.36.99.230
	1As0Ink4Td.exe	Get hash	malicious	Browse	185.151.30.153 176.9.17.111 70.36.99.230
	9HEOWXnwTj.exe	Get hash	malicious	Browse	185.151.30.153 176.9.17.111 70.36.99.230
	SzjLrAw2pL.exe	Get hash	malicious	Browse	185.151.30.153 176.9.17.111 70.36.99.230
	8dll.dll	Get hash	malicious	Browse	185.151.30.153 176.9.17.111 70.36.99.230
	8dll.exe	Get hash	malicious	Browse	185.151.30.153 176.9.17.111 70.36.99.230
	j4OPkAytMi.exe	Get hash	malicious	Browse	185.151.30.153 176.9.17.111 70.36.99.230
	Tzcyxxestkakhuvtmvfdserywturrfjrye.exe	Get hash	malicious	Browse	185.151.30.153 176.9.17.111 70.36.99.230
	Xerox Scan_367136092111.html	Get hash	malicious	Browse	185.151.30.153 176.9.17.111 70.36.99.230

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Microsoft Cabinet archive data, 61020 bytes, 1 file
Category:	dropped
Size (bytes):	122040
Entropy (8bit):	7.994886945086499
Encrypted:	true
SSDEEP:	3072:0tdeYPiuWAVtlLBGbtdeYPiuWAVtlLBGm:0rec7VDBGbrec7VDBGm
MD5:	516136E560C1392A28EDFA1A957050D7
SHA1:	BBDF208E48EFC052D332255EF84184BFC946BF5F
SHA-256:	4F812F7C8163C50FE75F441AC6797E18D02B8B66895BC94D0E1153FE24FADEFE
SHA-512:	8F25750E9014F7576E5C81E1A3DE605BB29839A38F0E60D58AB79E034ED1847D9E88A427A834BCA95BF7C4627197AC1194D5A487E0D5E5F88B95E46C4574A425
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	MSCF....\.......,...................I........l.........R.q .authroot.stl.N....5..CK..8T....c_.d....A.K....=.D.eWI..r."Y...."i..,.=.l.D.....3...3WW.......y...9..w..D.yM10....`.0.e.._.'..a0xN....)F.C..t.z.,.O20.1``L.....m?H..C..X>Oc..q.....%.!^v%<...O...-..@/.......H.J.W...... T...Fp..2.\|$....._Y..Y`&..s.1........s.{..,.":o}9.......%._.xWS.K..4"9......q.G:.........a.H.y.. ..r...q./6.p.;.`=.Dwj......!......s).B..y.......A.!W.........D!s0..!"X...l.....D0...........Ba...Z.0.o..l.3.v..W1F hSp.S)@.....'Z..QW...G...G.G.y+.x...aa`.3..X&4E..N...._O..<X.......K...xm..+M...O.H...)............o..~4.6.......p.`Bt.(..V.N.!.p.C>..%.ySXY.>.`..f\|....'^K`\..e......j/..\|..)..&i...wEj.w...o..r<.$.....C.....}.x...L..&..).r..\...>....v........7...^..L!.$..'m...,.....7F$..~..S.6$S.-y....\|.!.....x...~k...Q/.w.e...h.[...9<x...Q.x.][}_%Z..K.).3..'....M.6QkJ.N........Y..Q.n.[.(.... ...Bg..33..[...S..[... .Z..<i.-.]...po.k.,...X6......y3^.t[.Dw.]ts. R..L..`..ut_F....

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	652
Entropy (8bit):	3.1445885356140573
Encrypted:	false
SSDEEP:	12:o5kPlE99SNxAhUe0ep/+5kPlE99SNxAhUe0et:o5kPcUQUfeN+5kPcUQUfet
MD5:	58D733953CED5819BAD94ECF20BC18C6
SHA1:	1BEA21470B05B6B376D61584E2FD939C5FD04674
SHA-256:	062B99AB059AD7571B4CC98C21A39047651B9527A14B8AA2D771D7622C5DCF9E
SHA-512:	941122F6ADD9332B0B5A1A218899A665A69BEF4113D7BE9B0FDC9BBFEF99246F7094AC29BFC814EDF7EABD78895C793CC910236AAEC51D218A5E35E4B8F96ACE
Malicious:	false
Reputation:	low
Preview:	p...... .........n.....(....................................................... .........T'._......$...........\...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.d.6.5.4.2.7.7.5.f.d.7.1.:.0."...p...... ..........n.....(....................................................... .........T'._......$...........\...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.d.6.5.4.2.7.7.5.f.d.7.1.:.0."...

C:\Users\user\AppData\Local\Google\Chrome\User Data\0f170acc-b214-4174-92e9-a021b6b88219.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	368962
Entropy (8bit):	6.027873345880314
Encrypted:	false
SSDEEP:	6144:cxaV+QfT7GSmhn8Acx6ZaurE5/EDnJpAl9SeefNqWF4iVx/9LPeq/1LHm/dBP:cw/aUxzurRDn9nfNxF4ijZVtilBP
MD5:	16DAA4D5FE792493878C7D055C4FFAA2
SHA1:	6F60D8B0DE5B8F2BE0FF370DA09744B9DD1F4F53
SHA-256:	F555564A811B2BD1F273185AF9587A00E036151552C9F4C34C853FEC0715050B
SHA-512:	FC8BEC23B555BF330F2AF124D98FC06B2BFDFC26B89C7AD7AA2510B7AC5D7A965CA767B2166DE01B6AB8E08CF0185AAF5305E28BA9C8C0780BC0ECE8F12431D4
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.628057898117866e+12,"network":1.6280255e+12,"ticks":5720821624.0,"uncertainty":5093041.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABUPWY4cSyAQZRX3j8/SLmMAAAAAAIAAAAAABBmAAAAAQAAIAAAACC7lwCjByxIY/Ds1S6cdCxJW6iSr1QfjoKlVKoVEQ4EAAAAAA6AAAAAAgAAIAAAAD9PMfiGkWkdrfU+zeMpOLPS1eDxLpcgjYP2R/ndeCNxMAAAAK+RpovfP61NtB5nOpQgPMjPTyt2T1WPeru9i3yP05zNVEj0uCRDWfONruG9ricX1kAAAADB9KtQ9KY2z38GdfaF7dW2ZLcAMHOX2oEKBg8ZJG9lsuMexxChB4M8HFpyb0Bpr6axpi+zmMIXt76noTOxFzKN"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245950075726827"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\41cd8e1e-7801-4ad5-8bb6-d3a1a34785bb.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	369066
Entropy (8bit):	6.0280664022954475
Encrypted:	false
SSDEEP:	6144:YxaV+QfT7GSmhn8Acx6ZaurE5/EDnJpAl9SeefNqWF4iVx/9LPeq/1LHm/dBP:Yw/aUxzurRDn9nfNxF4ijZVtilBP
MD5:	F1DBCD2E9FB8DAAA862FDA7F3AB5A819
SHA1:	25BADAEFD8A6B669D9E41E1477AF9176E15C33F2
SHA-256:	371AE4666693526ECC9DD71428C2C19D3C7E9006A9753C1ED4FB43176AF5ADD4
SHA-512:	53C247BA4CA4B877518C2A2BFAD87E7A18980309B32DF9F9D331D7CE5E430FDB34204D3CF03B654C6B2155DDB7C5BB8F65DDF3A09F97046CC187C790073AAF46
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.628057898117866e+12,"network":1.6280255e+12,"ticks":5720821624.0,"uncertainty":5093041.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABUPWY4cSyAQZRX3j8/SLmMAAAAAAIAAAAAABBmAAAAAQAAIAAAACC7lwCjByxIY/Ds1S6cdCxJW6iSr1QfjoKlVKoVEQ4EAAAAAA6AAAAAAgAAIAAAAD9PMfiGkWkdrfU+zeMpOLPS1eDxLpcgjYP2R/ndeCNxMAAAAK+RpovfP61NtB5nOpQgPMjPTyt2T1WPeru9i3yP05zNVEj0uCRDWfONruG9ricX1kAAAADB9KtQ9KY2z38GdfaF7dW2ZLcAMHOX2oEKBg8ZJG9lsuMexxChB4M8HFpyb0Bpr6axpi+zmMIXt76noTOxFzKN"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245950075726827"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\524ea4ea-4207-493d-8413-391c1f1f839e.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	365287
Entropy (8bit):	6.0152212021168925
Encrypted:	false
SSDEEP:	6144:6xaV+QfT7GSmhn8Acx6ZaurE5/EDnJpAl9SeefNqWF4iVx/9LPeq/1LHm/dBP:6w/aUxzurRDn9nfNxF4ijZVtilBP
MD5:	802E9E5137449D173428C9E7F033614C
SHA1:	2D143E27982C6AF41E4774E01E4C2B2B2379489B
SHA-256:	BDCD1A56E08FDEF852F0955257AE989934AB66416BD2FA49C028B8374F36F8A4
SHA-512:	98CE7830B8F93E8E3B501BC7D309437446EC357A9204CF803F2F5DEF01FCAF54A0D5F6CA2DE2D9054C019A7F18AD24AB0BBADE5CFCFB81A02E2DCA177F750A6E
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.628057898117866e+12,"network":1.6280255e+12,"ticks":5720821624.0,"uncertainty":5093041.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABUPWY4cSyAQZRX3j8/SLmMAAAAAAIAAAAAABBmAAAAAQAAIAAAACC7lwCjByxIY/Ds1S6cdCxJW6iSr1QfjoKlVKoVEQ4EAAAAAA6AAAAAAgAAIAAAAD9PMfiGkWkdrfU+zeMpOLPS1eDxLpcgjYP2R/ndeCNxMAAAAK+RpovfP61NtB5nOpQgPMjPTyt2T1WPeru9i3yP05zNVEj0uCRDWfONruG9ricX1kAAAADB9KtQ9KY2z38GdfaF7dW2ZLcAMHOX2oEKBg8ZJG9lsuMexxChB4M8HFpyb0Bpr6axpi+zmMIXt76noTOxFzKN"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245950075265799"},"policy":{"last_statistics_update":"132725314946986

C:\Users\user\AppData\Local\Google\Chrome\User Data\5499bc3a-26f9-42e2-84df-6d469c3b9a74.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	368962
Entropy (8bit):	6.027873345880314
Encrypted:	false
SSDEEP:	6144:cxaV+QfT7GSmhn8Acx6ZaurE5/EDnJpAl9SeefNqWF4iVx/9LPeq/1LHm/dBP:cw/aUxzurRDn9nfNxF4ijZVtilBP
MD5:	16DAA4D5FE792493878C7D055C4FFAA2
SHA1:	6F60D8B0DE5B8F2BE0FF370DA09744B9DD1F4F53
SHA-256:	F555564A811B2BD1F273185AF9587A00E036151552C9F4C34C853FEC0715050B
SHA-512:	FC8BEC23B555BF330F2AF124D98FC06B2BFDFC26B89C7AD7AA2510B7AC5D7A965CA767B2166DE01B6AB8E08CF0185AAF5305E28BA9C8C0780BC0ECE8F12431D4
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.628057898117866e+12,"network":1.6280255e+12,"ticks":5720821624.0,"uncertainty":5093041.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABUPWY4cSyAQZRX3j8/SLmMAAAAAAIAAAAAABBmAAAAAQAAIAAAACC7lwCjByxIY/Ds1S6cdCxJW6iSr1QfjoKlVKoVEQ4EAAAAAA6AAAAAAgAAIAAAAD9PMfiGkWkdrfU+zeMpOLPS1eDxLpcgjYP2R/ndeCNxMAAAAK+RpovfP61NtB5nOpQgPMjPTyt2T1WPeru9i3yP05zNVEj0uCRDWfONruG9ricX1kAAAADB9KtQ9KY2z38GdfaF7dW2ZLcAMHOX2oEKBg8ZJG9lsuMexxChB4M8HFpyb0Bpr6axpi+zmMIXt76noTOxFzKN"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245950075726827"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\559bd103-ccc6-4aa6-8a21-42f3b274c751.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	365287
Entropy (8bit):	6.0152212021168925
Encrypted:	false
SSDEEP:	6144:6xaV+QfT7GSmhn8Acx6ZaurE5/EDnJpAl9SeefNqWF4iVx/9LPeq/1LHm/dBP:6w/aUxzurRDn9nfNxF4ijZVtilBP
MD5:	802E9E5137449D173428C9E7F033614C
SHA1:	2D143E27982C6AF41E4774E01E4C2B2B2379489B
SHA-256:	BDCD1A56E08FDEF852F0955257AE989934AB66416BD2FA49C028B8374F36F8A4
SHA-512:	98CE7830B8F93E8E3B501BC7D309437446EC357A9204CF803F2F5DEF01FCAF54A0D5F6CA2DE2D9054C019A7F18AD24AB0BBADE5CFCFB81A02E2DCA177F750A6E
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.628057898117866e+12,"network":1.6280255e+12,"ticks":5720821624.0,"uncertainty":5093041.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABUPWY4cSyAQZRX3j8/SLmMAAAAAAIAAAAAABBmAAAAAQAAIAAAACC7lwCjByxIY/Ds1S6cdCxJW6iSr1QfjoKlVKoVEQ4EAAAAAA6AAAAAAgAAIAAAAD9PMfiGkWkdrfU+zeMpOLPS1eDxLpcgjYP2R/ndeCNxMAAAAK+RpovfP61NtB5nOpQgPMjPTyt2T1WPeru9i3yP05zNVEj0uCRDWfONruG9ricX1kAAAADB9KtQ9KY2z38GdfaF7dW2ZLcAMHOX2oEKBg8ZJG9lsuMexxChB4M8HFpyb0Bpr6axpi+zmMIXt76noTOxFzKN"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245950075265799"},"policy":{"last_statistics_update":"132725314946986

C:\Users\user\AppData\Local\Google\Chrome\User Data\62be780b-3d71-4f60-8729-6b3365eca50f.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	368868
Entropy (8bit):	6.027694951348894
Encrypted:	false
SSDEEP:	6144:0xaV+QfT7GSmhn8Acx6ZaurE5/EDnJpAl9SeefNqWF4iVx/9LPeq/1LHm/dBP:0w/aUxzurRDn9nfNxF4ijZVtilBP
MD5:	BFA41D7CD18247944B094D58417DAD62
SHA1:	D033C77C930294042BAD9C0C6E540080B94996F1
SHA-256:	A7EAF63FA509F0ADE7DD5A12FEDA3150E62F1E736771541203D4BAC98F0E5F20
SHA-512:	8BC65A43C61AB0B69507A551EB8DE6BD4EF36B1251A34F330FADA76C2322E22963323FBD1662B4F1C7FA6BB9A5BC0C2E2CF8C49622672D15F8055DF6008FE739
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.628057898117866e+12,"network":1.6280255e+12,"ticks":5720821624.0,"uncertainty":5093041.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABUPWY4cSyAQZRX3j8/SLmMAAAAAAIAAAAAABBmAAAAAQAAIAAAACC7lwCjByxIY/Ds1S6cdCxJW6iSr1QfjoKlVKoVEQ4EAAAAAA6AAAAAAgAAIAAAAD9PMfiGkWkdrfU+zeMpOLPS1eDxLpcgjYP2R/ndeCNxMAAAAK+RpovfP61NtB5nOpQgPMjPTyt2T1WPeru9i3yP05zNVEj0uCRDWfONruG9ricX1kAAAADB9KtQ9KY2z38GdfaF7dW2ZLcAMHOX2oEKBg8ZJG9lsuMexxChB4M8HFpyb0Bpr6axpi+zmMIXt76noTOxFzKN"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245950075726827"},"plugins":{"metadata":{"adobe-flash-player":{"displ

C:\Users\user\AppData\Local\Google\Chrome\User Data\6b25708d-04ba-42dd-98f7-8f2dc3a9a1b4.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SysEx File -
Category:	dropped
Size (bytes):	94708
Entropy (8bit):	3.750155857492192
Encrypted:	false
SSDEEP:	384:BrjYgKNvGpSEVFHs/Ngr5vcY3zQWPHKfG3ar1Koqxz+GG5r1omh2ZaQMMPOSWsNt:lWq1ZCmjr8eHOEekHH+sKicMJh
MD5:	8C15D137F53F3A4ADE3FF188B1661DEE
SHA1:	489209B882857AAC8C36F2F2517B28DC74AAC2BF
SHA-256:	90B7B41968B151B8B4E3F1D11C34BD602FFBD3AB971F4A5D17A0DA89B612480B
SHA-512:	5518632231384D711649CC4ED05ECB047B1D36054D3C2958930A52166E32CEE47761015D39691C2F4141FFD9AA963B0446B1F20C369EB4C3BF6AE32F2A75A917
Malicious:	false
Reputation:	low
Preview:	.q.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....A8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\832d61d9-f294-4c97-8c89-fd392eb1d0d5.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	365287
Entropy (8bit):	6.015221240039425
Encrypted:	false
SSDEEP:	6144:8xaV+QfT7GSmhn8Acx6ZaurE5/EDnJpAl9SeefNqWF4iVx/9LPeq/1LHm/dBP:8w/aUxzurRDn9nfNxF4ijZVtilBP
MD5:	19E99C4D2CD544BCE8C7BEED2B68A5B9
SHA1:	8C72529D43A449BBCB904039A3D495C06B77F073
SHA-256:	D0BCCFC959BCCA972DCCB1FCA51485CA42E94A73EC6DE03BD7D9E6ABE6D2C178
SHA-512:	7CF2609503B7D141E07D127BB01DD1A10FB9EAB0F382348141AFE030964CAFD581C1D4111BD864E0154FBE5F79EB08B113125F2DD91405926CCE85ECEBDC01AE
Malicious:	false
Reputation:	low
Preview:	{"browser":{"last_redirect_origin":"","shortcut_migration_version":"85.0.4183.121"},"data_use_measurement":{"data_used":{"services":{"background":{},"foreground":{}},"user":{"background":{},"foreground":{}}}},"hardware_acceleration_mode_previous":true,"intl":{"app_locale":"en"},"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.628057898117866e+12,"network":1.6280255e+12,"ticks":5720821624.0,"uncertainty":5093041.0}},"os_crypt":{"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABUPWY4cSyAQZRX3j8/SLmMAAAAAAIAAAAAABBmAAAAAQAAIAAAACC7lwCjByxIY/Ds1S6cdCxJW6iSr1QfjoKlVKoVEQ4EAAAAAA6AAAAAAgAAIAAAAD9PMfiGkWkdrfU+zeMpOLPS1eDxLpcgjYP2R/ndeCNxMAAAAK+RpovfP61NtB5nOpQgPMjPTyt2T1WPeru9i3yP05zNVEj0uCRDWfONruG9ricX1kAAAADB9KtQ9KY2z38GdfaF7dW2ZLcAMHOX2oEKBg8ZJG9lsuMexxChB4M8HFpyb0Bpr6axpi+zmMIXt76noTOxFzKN"},"password_manager":{"os_password_blank":true,"os_password_last_changed":"13245950075726827"},"policy":{"last_statistics_update":"132725314946986

C:\Users\user\AppData\Local\Google\Chrome\User Data\94503948-46da-416a-92e3-236774035694.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	92724
Entropy (8bit):	3.749623551014411
Encrypted:	false
SSDEEP:	384:HrjYgKNvyS9s/Ngr5vcY3zQWPHKfG3ar1Koqxz+GG5r1omh2ZaQMMPOSWsN91w5q:hq1ZCmjr8eHOEekHH+sKicMJf
MD5:	1AE84F8893B144D350774C03AAB3959B
SHA1:	6E0EC0F2C62C90EEAA203779117E76C84F5F4F18
SHA-256:	502DE8CA9E61FB925F9AA08AFF0BE2D0422020B2205E4FABDFAFF4E052E0FEAC
SHA-512:	9497C2AE08853EB7E5D85D10E9BE1BF9544BBE08D3C2E6D259CACA4EF1F3C720C1CE029877ADE5D6E0FB5E8C4122EDEF5B6BD3635324D7E2C76F6F9B07406579
Malicious:	false
Reputation:	low
Preview:	0j.................C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L..P!...[)...%.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e.\.o.f.f.i.c.e.1.6.\.......g.r.o.o.v.e.e.x...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .2.0.1.6......M.i.c.r.o.s.o.f.t. .O.n.e.D.r.i.v.e. .f.o.r. .B.u.s.i.n.e.s.s. .E.x.t.e.n.s.i.o.n.s.....1.6...0...4.7.1.1...1.0.0.0.....*...C.:.\.P.R.O.G.R.A.~.1.\.M.I.C.R.O.S.~.1.\.O.f.f.i.c.e.1.6.\.G.R.O.O.V.E.E.X...D.L.L.....M.i.c.r.o.s.o.f.t. .C.o.r.p.o.r.a.t.i.o.n....A8.D...C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.C.o.m.m.o.n. .F.i.l.e.s.\.M.i.c.r.o.s.o.f.t. .S.h.a.r.e.d.\.O.F.F.I.C.E.1.6.\.m.s.o.s.h.e.x.t...d.l.l..@.....U/...%.c.o.m.m.o.n.p.r.o.g.r.a.m.f.i.l.e.s.%.\.m.i.c.r.o.s.o.f.t. .s.h.a.r.e.d.\.o.f.f.i.c.e.1.6.\.......m.s.o.s.h.e.x.t...d.l.l.....M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e.)...M.i.c.r.o.s.o.f.t. .O.f.f.i.c.e. .S.h.e.l.l. .E.x.t.e.n.s.i.o.n. .H.a.n.d.l.e.r.s.......1.6...0...4.2.6.6...1.0.0.1.....D...C.:.\.P.r.o.g.r.a.m.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	120
Entropy (8bit):	3.3041625260016576
Encrypted:	false
SSDEEP:	3:FkXYDu6cR9iTXYDu6cR9iTXYDu6cR9n:+Y66cR4TXY66cR4TXY66cR9
MD5:	569FA64ACAA310B1DE1A6250CC7356B0
SHA1:	14251450C245F8612958BF94779E8B72AE6D6213
SHA-256:	AEE20ADEBF2D35EB8A39BE2DC391B0E5966EFCB4AFDC971BB3A18115C929F563
SHA-512:	850914A053EF541046B29260266C17FEFF2466A87784394F9AB3B565D2EA1E656F61F02BDB78F9F9676E90365F837F3709BCC0856B3B844256848F477250E0C7
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	sdPC.....................8...?E."..N_.sdPC.....................8...?E."..N_.sdPC.....................8...?E."..N_.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0c0cd476-7f88-4d8e-9f11-97b4dbacdd0c.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	modified
Size (bytes):	5471
Entropy (8bit):	5.179824253290331
Encrypted:	false
SSDEEP:	96:nQEr5F9aRiUESKIX96OIk0JCKL8xmAbOTQVuwn:n/rj9aRiUESt96OC4KW
MD5:	452F13B192F941D05A8EE9B9087906D6
SHA1:	9020197CDC7E4600004DD19AAFBC68966F70C233
SHA-256:	A8213EA407E26D26B4080DE56E075EC6541CEB9F1E43D2F96391C8C52031373B
SHA-512:	F8D1C9AEF963231B26377C4A50B0E50120990DF3D9D6AAF785912711FEF591CD5DAB5D65ECF010B1D29BFEA41ADFD462C2E2E5B0AC1AD5D7719F5255B714554A
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272531494972262","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245950640095768","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0dea1217-f375-419e-a9f0-d7af70e84078.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5471
Entropy (8bit):	5.1797755363141285
Encrypted:	false
SSDEEP:	96:nQErsF9aRiUESKIX96OIk0JCKL8xmAbOTQVuwn:n/rc9aRiUESt96OC4KW
MD5:	93E2C7B42204168AAF2095484EC4CA86
SHA1:	4A76302452558671FB164F8AB548E5A2F6A2FC27
SHA-256:	264102FBB6897015AAD8040787369CC3D181EE055114D2FB166C5FEBF40B6E53
SHA-512:	F7860C4E15549C72B32290F77D864E3591FF7595F7069801D17676A4FE3683F967AFCCD112C68F6C868B1940927A92770B1DCD6FA06735F2FA35B8A2C864306B
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272531494972262","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245950640095768","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2c6c9412-6857-4b0f-9d26-bdbb4fd08e3c.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5381
Entropy (8bit):	5.175169024793792
Encrypted:	false
SSDEEP:	96:nQErhF9aRiUESKIX96OIk0JCKL8xpbOTQVuwn:n/rb9aRiUESt96OC4KE
MD5:	CDC1650CBC6A043E3543AB846915CF03
SHA1:	59AC2E63C5E4362D58897116DE84D52EEECC6A05
SHA-256:	9A9237AE6BBAACDBE626E0035A1B8564172996A35E388EA4C5A64434FD7FEF6B
SHA-512:	3675301F67AF670C97B993DBCA45C5158BFEC446E52B7B7FE5F3F92051C02BF3E1CB81C0C7A5EBF4CC15921BBB220B5A2EF7CF4545E2BE9755A61B2A16F7FBED
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272531494972262","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245950640095768","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3b6fa8f7-1953-4b80-9832-d874ab92b853.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5471
Entropy (8bit):	5.1797755363141285
Encrypted:	false
SSDEEP:	96:nQErsF9aRiUESKIX96OIk0JCKL8xmAbOTQVuwn:n/rc9aRiUESt96OC4KW
MD5:	93E2C7B42204168AAF2095484EC4CA86
SHA1:	4A76302452558671FB164F8AB548E5A2F6A2FC27
SHA-256:	264102FBB6897015AAD8040787369CC3D181EE055114D2FB166C5FEBF40B6E53
SHA-512:	F7860C4E15549C72B32290F77D864E3591FF7595F7069801D17676A4FE3683F967AFCCD112C68F6C868B1940927A92770B1DCD6FA06735F2FA35B8A2C864306B
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272531494972262","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245950640095768","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\46e4a9bc-020d-4421-b5a3-beeb71672d73.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5471
Entropy (8bit):	5.1797755363141285
Encrypted:	false
SSDEEP:	96:nQErsF9aRiUESKIX96OIk0JCKL8xmAbOTQVuwn:n/rc9aRiUESt96OC4KW
MD5:	93E2C7B42204168AAF2095484EC4CA86
SHA1:	4A76302452558671FB164F8AB548E5A2F6A2FC27
SHA-256:	264102FBB6897015AAD8040787369CC3D181EE055114D2FB166C5FEBF40B6E53
SHA-512:	F7860C4E15549C72B32290F77D864E3591FF7595F7069801D17676A4FE3683F967AFCCD112C68F6C868B1940927A92770B1DCD6FA06735F2FA35B8A2C864306B
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272531494972262","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245950640095768","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\48ef3984-b0f3-4584-a9c9-7e8dab33827f.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5381
Entropy (8bit):	5.175169024793792
Encrypted:	false
SSDEEP:	96:nQErhF9aRiUESKIX96OIk0JCKL8xpbOTQVuwn:n/rb9aRiUESt96OC4KE
MD5:	CDC1650CBC6A043E3543AB846915CF03
SHA1:	59AC2E63C5E4362D58897116DE84D52EEECC6A05
SHA-256:	9A9237AE6BBAACDBE626E0035A1B8564172996A35E388EA4C5A64434FD7FEF6B
SHA-512:	3675301F67AF670C97B993DBCA45C5158BFEC446E52B7B7FE5F3F92051C02BF3E1CB81C0C7A5EBF4CC15921BBB220B5A2EF7CF4545E2BE9755A61B2A16F7FBED
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272531494972262","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245950640095768","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\49e77ac5-e9b9-40f2-a5df-feae6319074f.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5381
Entropy (8bit):	5.175169024793792
Encrypted:	false
SSDEEP:	96:nQErhF9aRiUESKIX96OIk0JCKL8xpbOTQVuwn:n/rb9aRiUESt96OC4KE
MD5:	CDC1650CBC6A043E3543AB846915CF03
SHA1:	59AC2E63C5E4362D58897116DE84D52EEECC6A05
SHA-256:	9A9237AE6BBAACDBE626E0035A1B8564172996A35E388EA4C5A64434FD7FEF6B
SHA-512:	3675301F67AF670C97B993DBCA45C5158BFEC446E52B7B7FE5F3F92051C02BF3E1CB81C0C7A5EBF4CC15921BBB220B5A2EF7CF4545E2BE9755A61B2A16F7FBED
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272531494972262","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245950640095768","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5eb9bf0d-0dd0-4b93-9520-e33dcdb68c7d.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22596
Entropy (8bit):	5.5359765327643755
Encrypted:	false
SSDEEP:	384:M2wgtyxLluHXD1kXqKf/pUZNCgVLH2HfDYrUKHG7nT9ra8H4/:MrLlID1kXqKf/pUZNCgVLH2HfMrUaG7e
MD5:	D7F7843C2C12B09CB6567087B7B1F9D0
SHA1:	63C9DC39D27D0E86BB1D7F612A74D2BA31968FC5
SHA-256:	6039C0CCAFB93D4FD87DBC622A5CC696B96BAED0C0B848A3C8C167AFC461E666
SHA-512:	9D75AD0E5BBBEC7EAD1C7C4C95369EBBB9F61E836ACC86A852D3E0B180CB52EE06A55D11804F95841492EDB7403688B504072C5B15AADD9E94F1AE35AA504106
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13272531494767490","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8d879590-a5dc-43a2-81ef-44d1e74cbfac.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1041
Entropy (8bit):	5.570575515219642
Encrypted:	false
SSDEEP:	24:YT6H0UhHPkG1KUe4pM3jXUUaUeCf7wU3RUeIQ:YT6UUhvDKUe4IjXUHUeCzwUhUeh
MD5:	24714CA7B53615B50D8D7001A5FCEC42
SHA1:	E6A23ED01F1C1224BBD6B18D8341BAA75566FFAD
SHA-256:	1F3951169A2D0AD79607BB0194299646597887D382B4D8CCA410858C848BB58B
SHA-512:	B2D932299C10D0C1FEE52CA1C69D52B4E6EE4C845DB6AC3E2B155D8A366054EFEDBC4159AB58948DAB579800665904694D7F73671C896A5412253EF9752C7B84
Malicious:	false
Preview:	{"expect_ct":[],"sts":[{"expiry":1633013028.822833,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601477028.822838},{"expiry":1633013028.743725,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601477028.743728},{"expiry":1659593899.977239,"host":"tDq6akkQQG721TNufp6qVaUuWripQa/5OFnRpVuemtY=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1628057899.977247},{"expiry":1633013040.850112,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601477040.850115},{"expiry":1659593899.945664,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1628057899.94567},{"expiry":1633013028.952627,"host":"+ccWXqaoHJ9hfuXbleKV6FQUrBlyXAJ31BdqjNQJpHs=","mode":"force-https","sts_include_subdomains":false,"sts_

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9b24538b-5041-4d08-892a-f53da32dfef7.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:L:L
MD5:	5058F1AF8388633F609CADB75A75DC9D
SHA1:	3A52CE780950D4D969792A2559CD519D7EE8C727
SHA-256:	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
SHA-512:	0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
Malicious:	false
Preview:	.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.155516978169087
Encrypted:	false
SSDEEP:	6:mlIb4q2P923iKKdK9RXXTZIFUtpqDJZmwPqrXLDkwO923iKKdK9RXX5LJ:aIb4v45Kk7XT2FUtpqDJ/PqnD5L5Kk73
MD5:	4B6DE37E8202105AF34EAB2FE39BFB9D
SHA1:	D5D0C2D5E6F0BFE30444F172E28EBC9730625C20
SHA-256:	1A6C85EC5BAE36DD63113C82528CABFE6768166821A6187F4D41E934433B7001
SHA-512:	3EB304E6BFA002D6241B0EB70CF25ADACE786B04D7DBFAE830F1BD3C8AF22CA399EC659C01CC6FFD1A90BE14565C1B84158621AD33D970831413FFEE8A108049
Malicious:	false
Preview:	2021/08/03-23:18:21.352 1124 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/08/03-23:18:21.375 1124 Recovering log #3.2021/08/03-23:18:21.380 1124 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.oldp (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.155516978169087
Encrypted:	false
SSDEEP:	6:mlIb4q2P923iKKdK9RXXTZIFUtpqDJZmwPqrXLDkwO923iKKdK9RXX5LJ:aIb4v45Kk7XT2FUtpqDJ/PqnD5L5Kk73
MD5:	4B6DE37E8202105AF34EAB2FE39BFB9D
SHA1:	D5D0C2D5E6F0BFE30444F172E28EBC9730625C20
SHA-256:	1A6C85EC5BAE36DD63113C82528CABFE6768166821A6187F4D41E934433B7001
SHA-512:	3EB304E6BFA002D6241B0EB70CF25ADACE786B04D7DBFAE830F1BD3C8AF22CA399EC659C01CC6FFD1A90BE14565C1B84158621AD33D970831413FFEE8A108049
Malicious:	false
Preview:	2021/08/03-23:18:21.352 1124 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/MANIFEST-000001.2021/08/03-23:18:21.375 1124 Recovering log #3.2021/08/03-23:18:21.380 1124 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.145962639120092
Encrypted:	false
SSDEEP:	6:mlK34q2P923iKKdKyDZIFUtpqOz3JZmwPqvRDkwO923iKKdKyJLJ:as4v45Kk02FUtpqObJ/PqZD5L5KkWJ
MD5:	DC5BB4E46EFBDD0AC70F1611097A08C0
SHA1:	5811FA6196341B25D1063BA40D959FE23BD694D2
SHA-256:	74B345FEB0D96684FD688169BEC268398D3BAFE76BD615B4E58CC494D3FBBCB7
SHA-512:	A614D7EEA965EDFA7CFBF4924ADC8C742FF0BD9E89BCEABB8F912A874E34DE1B03D75BDE702E2511BDC40CF713913BAB669F6BC2A0D6196A783EF9F810C240C9
Malicious:	false
Preview:	2021/08/03-23:18:21.334 1124 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/08/03-23:18:21.336 1124 Recovering log #3.2021/08/03-23:18:21.337 1124 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	320
Entropy (8bit):	5.145962639120092
Encrypted:	false
SSDEEP:	6:mlK34q2P923iKKdKyDZIFUtpqOz3JZmwPqvRDkwO923iKKdKyJLJ:as4v45Kk02FUtpqObJ/PqZD5L5KkWJ
MD5:	DC5BB4E46EFBDD0AC70F1611097A08C0
SHA1:	5811FA6196341B25D1063BA40D959FE23BD694D2
SHA-256:	74B345FEB0D96684FD688169BEC268398D3BAFE76BD615B4E58CC494D3FBBCB7
SHA-512:	A614D7EEA965EDFA7CFBF4924ADC8C742FF0BD9E89BCEABB8F912A874E34DE1B03D75BDE702E2511BDC40CF713913BAB669F6BC2A0D6196A783EF9F810C240C9
Malicious:	false
Preview:	2021/08/03-23:18:21.334 1124 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/MANIFEST-000001.2021/08/03-23:18:21.336 1124 Recovering log #3.2021/08/03-23:18:21.337 1124 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	12288
Entropy (8bit):	0.6863571317626186
Encrypted:	false
SSDEEP:	12:TLyen4ufFdbXGwcFOaOndOtJRbGMNmt2SH/+eVpUHFxOUwae6:TLyqJLbXaFpEO5bNmISHn06Uwd
MD5:	1C0EAEEE6463CAE33B7A7CD9D9DF4DA5
SHA1:	FBC6A28A1501E40154FDC0A9D0C2F34A5F88AA65
SHA-256:	ED8AE7C5E6885874A39F4E86258F552670352A18D29BE1FF4D372A2F4CD06C8A
SHA-512:	355D19828609971998B09B36E7C7D304B7FB88C7A726670BEBF5CF2E2710F8E71B0F9DEF6FE9712B484C1EB122AEEEFDECF31D13E02C4539C399DFB86EC7619F
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	12836
Entropy (8bit):	0.9698614932760379
Encrypted:	false
SSDEEP:	24:o6IL4rtEy8R9vqLbJLbXaFpEO5bNmISHn06Uwx8:o6I+Sq5LLOpEO5J/Kn7Ua8
MD5:	CB0195803E49A6956E206D32CCE14AE0
SHA1:	EDCA505429D7E5450E0CDF7D4072D903D61E452A
SHA-256:	6AA2B2F2187F7CE039A120F88948285A026B862B54D5736D1FC45E5A48A91DF6
SHA-512:	EFA497142E4C5D091A05603E7C85CE9376D44E78FEC63A0C0CB5D9F05E3B4D0598C0A754F1C5E0D01FAD049EBC27CC2074E81914025025CFACC87E90AD6F986D
Malicious:	false
Preview:	............d..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	1892
Entropy (8bit):	3.3467543205146653
Encrypted:	false
SSDEEP:	48:34fZxec0kOIKYS4O/1fx/9RRxRxRRxRRRL:34fa6KLfdH
MD5:	9B581E25449CF7A047DB8D6F8E55F602
SHA1:	7CAAE35BCA8C256668D63DF633479ABA5FFACFD8
SHA-256:	7147EDA539B7A28F6E95BC799E22AFD6BA32C42E6D942CEBC45095EBB0DB6702
SHA-512:	572D9D48367EDB7B2E7138984C2A649B102815FD9CE7C1C3883E3BF76F3A0C1C1DC871B476C4E866015DF14FB8595E797C56B6B0A995A52B5D3035CD4380813D
Malicious:	false
Preview:	SNSS....................................................!.............................................1..,.......$...3fcbc848_42d3_4216_9956_b2e264f6189a.........................T................................................................................5..0.......&...{2F4F8386-A58B-4B0C-A17B-2FAAF764E551}............................>...file:///C:/Users/user/Desktop/State%20Settlement%20Copy.html......M.i.c.r.o.s.o.f.t. .S.h.a.r.e.P.o.i.n.t.................................................h.......`........................................................`......`.................................................>...f.i.l.e.:./././.C.:./.U.s.e.r.s./.a.l.f.o.n.s./.D.e.s.k.t.o.p./.S.t.a.t.e.%.2.0.S.e.t.t.l.e.m.e.n.t.%.2.0.C.o.p.y...h.t.m.l.............................8.......0...............(.......@.......`...............................h...0.......?.%. .B.l.i.n.k. .s.e.r.i.a.l.i.z.e.d. .f.o.r.m. .s.t.a.t.e. .v.e.r.s.i.o.n. .1.0. .....=.&.................\|...:...h.t.t.p.s.:././.m.a.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	1.8112781244591325
Encrypted:	false
SSDEEP:	3:3Dtn:3h
MD5:	0686D6159557E1162D04C44240103333
SHA1:	053E9DB58E20A67D1E158E407094359BF61D0639
SHA-256:	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
SHA-512:	884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
Malicious:	false
Preview:	SNSS....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	164
Entropy (8bit):	4.391736045892206
Encrypted:	false
SSDEEP:	3:FQxlXayz/t2Hmwg0EOZL7Ao4uhFkEuRLKyC5Ei5+Gg:qT5z/t2qoEwhXeLKB
MD5:	0A906A9A542CDF08FF50DAAF1D1E596E
SHA1:	B97D6274196F40874A368C265799F5FA78C52893
SHA-256:	EB9CABBF5FDA1AD535300B0110EAA4068A083248BA928A631C9278545935426D
SHA-512:	8795E905B711ADE6B1C4B402D50AF491B64D157AA738669482DDBFC30E857DF970BFFB774A925F3F4A0802BD27AFAF939CE140894FF09B67FB9C0BB83ED4491A
Malicious:	false
Preview:	.f.5................i.Wd...............Sgdaefkejpgkiemlaofpalmlakkmbjdnl.declarative_rules.declarativeContent.onPageChanged.[]..F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.160791736336541
Encrypted:	false
SSDEEP:	6:mYkmL+q2P923iKKdK8aPrqIFUtpv61ZmwPv7lLVkwO923iKKdK8amLJ:/vyv45KkL3FUtpv8/Pv7lR5L5KkQJ
MD5:	357CC50082A0E5F3D8A300E8B19B178C
SHA1:	453FB90B4CFD9BB2E1005FFA159ABCCE82F5AFDC
SHA-256:	187DA48ED020A5229F7C8724ABE0599151D0DFEC0F252BDF30661E73594EFB2F
SHA-512:	CBE98075B135A383CE9ABD0A24A08A5918A5040654DD8E68D26BCFB773F28AA75E5670B384E19EA75D4C296F0B70EC21853E7E40A3E92FD28870C86F14B2F958
Malicious:	false
Preview:	2021/08/03-23:18:14.979 1138 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/08/03-23:18:14.981 1138 Recovering log #3.2021/08/03-23:18:14.982 1138 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.160791736336541
Encrypted:	false
SSDEEP:	6:mYkmL+q2P923iKKdK8aPrqIFUtpv61ZmwPv7lLVkwO923iKKdK8amLJ:/vyv45KkL3FUtpv8/Pv7lR5L5KkQJ
MD5:	357CC50082A0E5F3D8A300E8B19B178C
SHA1:	453FB90B4CFD9BB2E1005FFA159ABCCE82F5AFDC
SHA-256:	187DA48ED020A5229F7C8724ABE0599151D0DFEC0F252BDF30661E73594EFB2F
SHA-512:	CBE98075B135A383CE9ABD0A24A08A5918A5040654DD8E68D26BCFB773F28AA75E5670B384E19EA75D4C296F0B70EC21853E7E40A3E92FD28870C86F14B2F958
Malicious:	false
Preview:	2021/08/03-23:18:14.979 1138 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/MANIFEST-000001.2021/08/03-23:18:14.981 1138 Recovering log #3.2021/08/03-23:18:14.982 1138 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	570
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWW
MD5:	D4BA0AE0BB0B9FAFF3DA6F35FDBC3C8A
SHA1:	FB3E9DEC7F35A9B1D94E54A5659DD0DE484055E7
SHA-256:	99DEF1B557F19F04C1AFFC6F247D0451F33FC10EC42E73792223C3215AC98BE6
SHA-512:	86FD07C34B9ABD4C52BA19EAE291936F92BC6D38A75C021EDC1DEDBC15617669876180CD99F959C62476D82EC6BB9F5FE4C6CB4D82CB037EFB76D99A4D3D9C51
Malicious:	false
Preview:	.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.178771856149213
Encrypted:	false
SSDEEP:	6:mHhFN+q2P923iKKdK8NIFUtp4iZmwPOu+VkwO923iKKdK8+eLJ:0Ov45KkpFUtpj/POuO5L5KkqJ
MD5:	AAC3D992EBAE1991A4E2C3EB7B5CA175
SHA1:	74BCD62D3777CFCE0C98079EF6433129FD6DC3DC
SHA-256:	FBA07AD4478A019C50A023F58D38BD5F975FC9B7A384E821A63E351DE1E4BADE
SHA-512:	2D29378EB3E64E69AD3D3593B63F13CA9366C124826CBA6E19880384DE0D59209D222FBD0DCA848E2DCC901E45B284B389448267850EFA302AE2A5AEAAB987FC
Malicious:	false
Preview:	2021/08/03-23:18:17.266 11b8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/08/03-23:18:17.267 11b8 Recovering log #3.2021/08/03-23:18:17.268 11b8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.178771856149213
Encrypted:	false
SSDEEP:	6:mHhFN+q2P923iKKdK8NIFUtp4iZmwPOu+VkwO923iKKdK8+eLJ:0Ov45KkpFUtpj/POuO5L5KkqJ
MD5:	AAC3D992EBAE1991A4E2C3EB7B5CA175
SHA1:	74BCD62D3777CFCE0C98079EF6433129FD6DC3DC
SHA-256:	FBA07AD4478A019C50A023F58D38BD5F975FC9B7A384E821A63E351DE1E4BADE
SHA-512:	2D29378EB3E64E69AD3D3593B63F13CA9366C124826CBA6E19880384DE0D59209D222FBD0DCA848E2DCC901E45B284B389448267850EFA302AE2A5AEAAB987FC
Malicious:	false
Preview:	2021/08/03-23:18:17.266 11b8 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/MANIFEST-000001.2021/08/03-23:18:17.267 11b8 Recovering log #3.2021/08/03-23:18:17.268 11b8 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	11217
Entropy (8bit):	6.069602775336632
Encrypted:	false
SSDEEP:	192:GbylJnlTwGB7V9Hne4qasKxXItmLG48gcLg/PkI:Gb+nldByaFx4toj8VEPT
MD5:	90F880064A42B29CCFF51FE5425BF1A3
SHA1:	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF
SHA-256:	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
SHA-512:	D9CBFCD865356F19A57954F8FD952CAF3D31B354112766C41892D1EF40BD2533682D4EC3F4DA0E59A5397364F67A484B45091BA94E6C69ED18AB681403DFD3F3
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["A+1PYW3V6CJbBuQ7aqrgYhyH3bT8PKyBXp3hN2slpI0=","WSOpQRkYTHjPSlG9Zif2a7TNhy43NDcG1Zg5Nv0UbH0=","jDctR8ImG5KZrQKm4kDjUB7FokSJfjo/pmvFowRVlaY=","LPxhhJiuU0lprt0T6flpS7TkaDg7MocrbmzO65xH6RI=","nZ9zLb2By96AkKXALRM+C0Eu11XUjPiMXEKjiCPdtHE=","wifibc1QfMBN2jrtUtLgsCefvuceTpAatmLvul11RJA=","dHjWlSIIdjj7MWqg3T8MG58RuuqRXk32vqi/13JqEgA=","zd3DV7dbvfNvx1hdhU01fW5ily52DLN0CFL/ADaEeTI=","DpjXcO85FFFY9KJFPkGNfFUtdQIOsGwO5jUckiUwY14=","gqid6l1+mk/6yWgUECRofI9lMipXgXh2jEN2+CxmPE0=","prDB91X2Mmfg/M/txVMITWBmEGbOGjqBTP7CMjYqdHs=","yLPAqV4gqoyS/zFkEt3Cn2j0q2v9QOSthVFfWn8EzCM=","EPQ3jzdrLkAHyvf3920B5Y3aAkO1IJdn/UtbnAmq6T0=","+oOc6ca+ChKUpTu+oa2ZRxRE+wG3QJmuYWEvYCs40NI=","3mBGNAiRlTANEQkqzU3TEi+5wJ0ubR5uwtS4/9OOM7w=","1A9NNawxuhu95H5eThvf1rewJ4QQWhhPNxJXO1C/n68=","E3vWLQxzmj+e5QxYbUscllJ5n0ITpw5JBHV1Kph3/KM=","i3I8ghdTF9c1ZXNBZmvsID+DV4gxBVN27rj9wsMtRpg=","R8B8qYabnMSlLPhrtu0hGYrHn3llsMHqBbi70gkIjEE=","rhlzuEvv2KRAFMms896xFwkNgPrw6WvmgPn6xrBSa2Y=","LAMXv6sRb0VZrY34aVXF3Fftxs

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	23474
Entropy (8bit):	6.059847580419268
Encrypted:	false
SSDEEP:	384:7dNc1NC6IcafusK4H1IIGRlhKlkIALQWdynQh2RX4K6M1tVztzr7XSNyzH:7dOscSRKc1nGRSkIhEw6M1tf7SNyb
MD5:	6AE2135EA4583C2F06CDEBEA4AE70FA4
SHA1:	DCEB26C7F02D53B5F214305F4C75B4A33A79CDC2
SHA-256:	03AA1944CB3C4F39E20B6361571BC45DFBEBD3FFDA3D8F148CC6ECB29958F903
SHA-512:	B5945E67D9F73DD1982D687E5C6D9B5D6B3886C8050363A259755C76AC0F93651F3425FA7C21AA6A13977AC1C8C9322F998F131648CB8909096058D4F0D23312
Malicious:	false
Preview:	{"file_hashes":[{"block_hashes":["DOZdV3jFvk12AM2JNDYKo3KZrIVRprmJ+sVGWkqqE4Q=","rVElW3Hu3T52SzDDUqGT5YiJTBGUv2h3pNuBKFlhZ1U=","X/3fg4KZxgQ1jBr5QGq0F5JnflgE27UErd88mrxTcxs=","VibLbpy0ig+5INMOU71fTYN76iaka2XVpmm1qAKYsX8=","EChCwCbQHbHQ7oDdGT2qNyiRJ0yck2YC2emNGq4whtE="],"block_size":4096,"path":"_locales/iw/messages.json"},{"block_hashes":["xklkoZ7iSU1+7cd6DAtEmUC5lPFd+EgcbnzxkOiFwlk=","3KbsvoxKY/3AwqgF2aAdVQRpMhsNVRkQ3rx2A6Z2Z+Y=","o9+tsohquaCMj+70zeinRG/hBhA2uLoDl/WoC1uokME=","xV/K8xucyWJELVT8Cqn+ugFjobBVmg8pnmACF+2PP4Y=","p/mvJm2wuCl32Rx3it654MljKAsMe3S9IDEabc1A8mE=","j8mPrTb5oOsBTj2Fer78JE6xG6+kR64Cvu2SW8d3j/k=","nqSRpGQ3USU2bZJsZ+AzBmFOyann8omwJrhEWFZDTXc=","eTcQyJUuNuF9yCga/fXGyFCj/pysSceanhBzksdx23s=","Wj7faqnspelXKMvnduxHn1XUBG8TEOqyns7/oUihekM=","VtBwXoadI3EP336rAiL33Gz19KGqtN+RYdKnMKAXoLw=","iDgLXQqXJp8nCZxgLuC9LXM45DGfufvGnXvmHsn18wc=","g+RfdDfrWTUK0Pkcsbot7NJ4SC9wVRV/dVVMuHAtEj8=","2oC4HcCuXu3VjFf6wnKlznt9uqQNaebcuWpm/mWj69U=","aMUIpuFqPMiieSaWhIktCK62v2P3OZQAWupWsYzCnvk=","L

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.8784775129881184
Encrypted:	false
SSDEEP:	3:FQxlX:qT
MD5:	0407B455F23E3655661BA46A574CFCA4
SHA1:	855CB7CC8EAC30458B4207614D046CB09EE3A591
SHA-256:	AB5C71347D95F319781DF230012713C7819AC0D69373E8C9A7302CAE3F9A04B7
SHA-512:	3020F7C87DC5201589FA43E03B1591ED8BEB64523B37EB3736557F3AB7D654980FB42284115A69D91DE44204CEFAB751B60466C0EF677608467DE43D41BFB939
Malicious:	false
Preview:	.f.5...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	374
Entropy (8bit):	5.212533690316111
Encrypted:	false
SSDEEP:	6:mdrF34q2P923iKKdK25+Xqx8chI+IFUtp3bJZmwP8RDkwO923iKKdK25+Xqx8chn:YrN4v45KkTXfchI3FUtpLJ/P8RD5L5KN
MD5:	6758D5FD66404810DC31D19264FF8D3B
SHA1:	042DAA3850DBBE2B32E376B8B2D2C5CFB740E833
SHA-256:	1D02D702DD02D59D6829377623CEADBDA9C49C38F9DF55A33D15E858942AB4C9
SHA-512:	2A692AFCCC162D8C75533AB1C1B44196596C0B9C4FED5DF6CAA43EE625C2E686C48FB2388FC3325A925AEFC3AF9CAE3F5FE245DE6E0B25466BDF00962927811F
Malicious:	false
Preview:	2021/08/03-23:18:21.254 1124 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2021/08/03-23:18:21.257 1124 Recovering log #3.2021/08/03-23:18:21.258 1124 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	374
Entropy (8bit):	5.212533690316111
Encrypted:	false
SSDEEP:	6:mdrF34q2P923iKKdK25+Xqx8chI+IFUtp3bJZmwP8RDkwO923iKKdK25+Xqx8chn:YrN4v45KkTXfchI3FUtpLJ/P8RD5L5KN
MD5:	6758D5FD66404810DC31D19264FF8D3B
SHA1:	042DAA3850DBBE2B32E376B8B2D2C5CFB740E833
SHA-256:	1D02D702DD02D59D6829377623CEADBDA9C49C38F9DF55A33D15E858942AB4C9
SHA-512:	2A692AFCCC162D8C75533AB1C1B44196596C0B9C4FED5DF6CAA43EE625C2E686C48FB2388FC3325A925AEFC3AF9CAE3F5FE245DE6E0B25466BDF00962927811F
Malicious:	false
Preview:	2021/08/03-23:18:21.254 1124 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/MANIFEST-000001.2021/08/03-23:18:21.257 1124 Recovering log #3.2021/08/03-23:18:21.258 1124 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	360
Entropy (8bit):	5.149436156876904
Encrypted:	false
SSDEEP:	6:mk4q2P923iKKdK25+XuoIFUtp1JZmwP/3DkwO923iKKdK25+XuxWLJ:J4v45KkTXYFUtp1J/P/3D5L5KkTXHJ
MD5:	1CA25CE89C3AD59487B6A8D168A54893
SHA1:	8B4EFED2BAF629A2568FA7EC6C85E303C9810934
SHA-256:	324131E2070901BE51BF19AC9EC830355B648BD5951CAA4263C4E658A129CCA4
SHA-512:	DB3BB38F879C462B4A42B673DD55AFC351FEFE539B7080CB9802932744B21EB654C4FBFEA8C423C91E58BA6FC59AD571C6CA8AD0986E7DD3BB2AF7FD9C8167B5
Malicious:	false
Preview:	2021/08/03-23:18:21.233 1124 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/MANIFEST-000001.2021/08/03-23:18:21.237 1124 Recovering log #3.2021/08/03-23:18:21.239 1124 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	360
Entropy (8bit):	5.149436156876904
Encrypted:	false
SSDEEP:	6:mk4q2P923iKKdK25+XuoIFUtp1JZmwP/3DkwO923iKKdK25+XuxWLJ:J4v45KkTXYFUtp1J/P/3D5L5KkTXHJ
MD5:	1CA25CE89C3AD59487B6A8D168A54893
SHA1:	8B4EFED2BAF629A2568FA7EC6C85E303C9810934
SHA-256:	324131E2070901BE51BF19AC9EC830355B648BD5951CAA4263C4E658A129CCA4
SHA-512:	DB3BB38F879C462B4A42B673DD55AFC351FEFE539B7080CB9802932744B21EB654C4FBFEA8C423C91E58BA6FC59AD571C6CA8AD0986E7DD3BB2AF7FD9C8167B5
Malicious:	false
Preview:	2021/08/03-23:18:21.233 1124 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/MANIFEST-000001.2021/08/03-23:18:21.237 1124 Recovering log #3.2021/08/03-23:18:21.239 1124 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.136184529398279
Encrypted:	false
SSDEEP:	6:mcU34q2P923iKKdKWT5g1IdqIFUtpBcuUz3JZmwP6DkwO923iKKdKWT5g1I3ULJ:Y4v45Kkg5gSRFUtprUz3J/P6D5L5Kkgk
MD5:	5927F850834C58BA6758842267FA0329
SHA1:	C33546823B36D4920A985C30B536AFEA5F4BF775
SHA-256:	0F3C8DAF149CAE17FA2A4B1D0FB514E5F35589A1A8EE5ECE9F63B2206297B799
SHA-512:	BB903738D0DC4D94BD81035E3811156BF6881093F8BDE901E4513C77981E9D885BFAFEFE2BE2EF26CE36D9FDCEC54B2CEA7F311964812B4B84933AAD0B157331
Malicious:	false
Preview:	2021/08/03-23:18:21.201 1124 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/08/03-23:18:21.209 1124 Recovering log #3.2021/08/03-23:18:21.210 1124 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.oldld (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	332
Entropy (8bit):	5.136184529398279
Encrypted:	false
SSDEEP:	6:mcU34q2P923iKKdKWT5g1IdqIFUtpBcuUz3JZmwP6DkwO923iKKdKWT5g1I3ULJ:Y4v45Kkg5gSRFUtprUz3J/P6D5L5Kkgk
MD5:	5927F850834C58BA6758842267FA0329
SHA1:	C33546823B36D4920A985C30B536AFEA5F4BF775
SHA-256:	0F3C8DAF149CAE17FA2A4B1D0FB514E5F35589A1A8EE5ECE9F63B2206297B799
SHA-512:	BB903738D0DC4D94BD81035E3811156BF6881093F8BDE901E4513C77981E9D885BFAFEFE2BE2EF26CE36D9FDCEC54B2CEA7F311964812B4B84933AAD0B157331
Malicious:	false
Preview:	2021/08/03-23:18:21.201 1124 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/MANIFEST-000001.2021/08/03-23:18:21.209 1124 Recovering log #3.2021/08/03-23:18:21.210 1124 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.12431566645705337
Encrypted:	false
SSDEEP:	6:l9bNFlWCj/lvDIbjFfJD3JRxpF901K05Oo/lCxthiZlAGCxC+/ervy9OjFfJD3Jt:TLBj/h4BV3JRxxkNuQ/AGI/9wBV3JRxF
MD5:	DC509E0D17F8F452749C8DB8796DB32E
SHA1:	322D4558AE0251499940548E00FB67CA08A509A6
SHA-256:	BAA06B809B1FA5846ABFA4B7F6BA346FBA8795880EA069DC9A1AF1E0EFD3FC0E
SHA-512:	2AE0577A7CACAA9529B647619BCB69392112BDA1A18CD0AD221A3B8D38F1D9CD646C43E393173F34C08B800D01BEA4A16E12062FD58198307CCB6E06EFA8FDE0
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	697
Entropy (8bit):	5.284242455582765
Encrypted:	false
SSDEEP:	12:48Dy23PZMZu+qBOfvpQht3s1nc1EDx1ldwrfA1TBk778B/xgskZBa9sNiylEkqUQ:48DyQBZofve73/K5Y78BJgskfa9yBlE1
MD5:	46AD1E62E49B5FE38060C9201AFEE2C1
SHA1:	D33BB3D32049CA71AB28FD2AC33A777BA00F6E2C
SHA-256:	333CB71A415047C226BC2FFEE570FE5D46A45B711ABA3D4C72EB4DD1F504F6B9
SHA-512:	91F06979C95E327ACCD6CA01286D0C9A14884225FA64B805D03E14FA1EEDFDFFA0ECD20159F1E29290F17C20FBCE746285785D0F2807EF99BF05B1A2F45FDA2C
Malicious:	false
Preview:	............"Y....user..c..copy..desktop..file..html..microsoft..settlement..sharepoint..state..users........user......c......copy......desktop......file......html......microsoft......settlement......sharepoint......state......users..2.........a..........c..........d........e.............f..........h.........i..........k........l...........m..........n..........o............p..........r..........s..............t.............u........y...:e.....................................................................................................Bz...v...... ........>file:///C:/Users/user/Desktop/State%20Settlement%20Copy.html2.Microsoft SharePoint:................J.............. &16....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	42076
Entropy (8bit):	0.09019851289313041
Encrypted:	false
SSDEEP:	12:Y0FryYI+WhpqLipS/T+3l3s75fOI60S9LURn:YkryYfWhpqLiUT+3y5fojNUR
MD5:	E6CB97F9621BF67B21D9D0E0E594B49B
SHA1:	7C882A8CC0DB185F8CEF6D7385744381170158E6
SHA-256:	F6AEB43D64898D524DEAC6A3D2E50B91556A036E4E99A9395424E300BABA92B1
SHA-512:	88C18CB0295D0068E90466C4BA8F4A745790E4437FCA62AA8239E95D381D80D324724AC23EA1557F03BD854FD9E4474E6C2AB49CF83637E0085BE023F1E08608
Malicious:	false
Preview:	.............S/7........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Session (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	1892
Entropy (8bit):	3.3467543205146653
Encrypted:	false
SSDEEP:	48:34fZxec0kOIKYS4O/1fx/9RRxRxRRxRRRL:34fa6KLfdH
MD5:	9B581E25449CF7A047DB8D6F8E55F602
SHA1:	7CAAE35BCA8C256668D63DF633479ABA5FFACFD8
SHA-256:	7147EDA539B7A28F6E95BC799E22AFD6BA32C42E6D942CEBC45095EBB0DB6702
SHA-512:	572D9D48367EDB7B2E7138984C2A649B102815FD9CE7C1C3883E3BF76F3A0C1C1DC871B476C4E866015DF14FB8595E797C56B6B0A995A52B5D3035CD4380813D
Malicious:	false
Preview:	SNSS....................................................!.............................................1..,.......$...3fcbc848_42d3_4216_9956_b2e264f6189a.........................T................................................................................5..0.......&...{2F4F8386-A58B-4B0C-A17B-2FAAF764E551}............................>...file:///C:/Users/user/Desktop/State%20Settlement%20Copy.html......M.i.c.r.o.s.o.f.t. .S.h.a.r.e.P.o.i.n.t.................................................h.......`........................................................`......`.................................................>...f.i.l.e.:./././.C.:./.U.s.e.r.s./.a.l.f.o.n.s./.D.e.s.k.t.o.p./.S.t.a.t.e.%.2.0.S.e.t.t.l.e.m.e.n.t.%.2.0.C.o.p.y...h.t.m.l.............................8.......0...............(.......@.......`...............................h...0.......?.%. .B.l.i.n.k. .s.e.r.i.a.l.i.z.e.d. .f.o.r.m. .s.t.a.t.e. .v.e.r.s.i.o.n. .1.0. .....=.&.................\|...:...h.t.t.p.s.:././.m.a.

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Tabsic (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	1.8112781244591325
Encrypted:	false
SSDEEP:	3:3Dtn:3h
MD5:	0686D6159557E1162D04C44240103333
SHA1:	053E9DB58E20A67D1E158E407094359BF61D0639
SHA-256:	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
SHA-512:	884C0D3594390E2FC0AEAB05460F0783815170C4B57DB749B8AD9CD10741A5604B7A0F979465C4171AD9C14ED56359A4508B4DE58E794550599AAA261120976C
Malicious:	false
Preview:	SNSS....

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	2955
Entropy (8bit):	5.461648742278038
Encrypted:	false
SSDEEP:	48:ICGsta7/M98dbwPf/bQSefgGaNrS0U9RdiN9o:Za7/MWdbwPf/bQ5fgGGrS02
MD5:	4FFCCD174AB2420C13C1CCDA6016046C
SHA1:	AE788251FBB7BF209FA14F386EE6D4777D45F85F
SHA-256:	C0549EC5306CF100EC5590EABDA2A7E313C4836DF6460AC7C54864A20BA34BBF
SHA-512:	88EA404EDED78DF99621B8B1E5B3FBDB8B3D2EA61CF288C434083C7206796E98D4692C6BA6E74DDA884D873A807B5B7CB5199A1BF78B8E82756F1094887E3A07
Malicious:	false
Preview:	...B...*............8META:chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm............Y_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.HangoutSinkDiscoveryService;.{"cache":{"sinks":{},"g":{},"h":null},"manualHangouts":{}}.a_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.IdGenerator.cast.RequestIdGenerator..219352000.H_chrome-extension://pkedcjkdefgpdelpbcmbmeomcjbeemfm..mr.temp.LogManager...["[2021-08-03 23:18:22.91][INFO][mr.Init] MR instance ID: f6a432d7-c759-4ddd-9885-2ee1f1fedb7e\n","[2021-08-03 23:18:22.91][INFO][mr.Init] Native Cast MRP is disabled.\n","[2021-08-03 23:18:22.91][INFO][mr.Init] Native Mirroring Service is enabled.\n","[2021-08-03 23:18:22.91][INFO][mr.PersistentDataManager] removeTemporary_: 163 chars used\n","[2021-08-03 23:18:22.91][INFO][mr.PersistentDataManager] initialize: 163 chars used, 67 other chars\n","[2021-08-03 23:18:22.92][INFO][mr.CastProvider] Query enabled: true\n","[2021-08-03 23:18:22.92][INFO][mr.CloudProvider]

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.119918563750622
Encrypted:	false
SSDEEP:	6:mYpWOq2P923iKKdK8a2jMGIFUtpvpUc0ZmwPvpUUDkwO923iKKdK8a2jMmLJ:/tv45Kk8EFUtpv6c0/Pv6K5L5Kk8bJ
MD5:	F0B3191D541F7088161CED96B2B37125
SHA1:	BF3A0D4C3F9C51080DC36F00F2CE53E1A211B9D3
SHA-256:	1D3E43B1C7832AE8EBAC7AF4F35B7F66A2AEEB3DC33BE78B9B796FF7E185D948
SHA-512:	E2F32E1EBE425C61667199E5FD853F0B55A8D95D67B73E591FFD1FDC285D2129D73B87115677E307A9BC3DA3C35065AE9215BC00393732EE7FB353C358F9DEFD
Malicious:	false
Preview:	2021/08/03-23:18:14.808 8c4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2021/08/03-23:18:14.811 8c4 Recovering log #3.2021/08/03-23:18:14.812 8c4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	331
Entropy (8bit):	5.119918563750622
Encrypted:	false
SSDEEP:	6:mYpWOq2P923iKKdK8a2jMGIFUtpvpUc0ZmwPvpUUDkwO923iKKdK8a2jMmLJ:/tv45Kk8EFUtpv6c0/Pv6K5L5Kk8bJ
MD5:	F0B3191D541F7088161CED96B2B37125
SHA1:	BF3A0D4C3F9C51080DC36F00F2CE53E1A211B9D3
SHA-256:	1D3E43B1C7832AE8EBAC7AF4F35B7F66A2AEEB3DC33BE78B9B796FF7E185D948
SHA-512:	E2F32E1EBE425C61667199E5FD853F0B55A8D95D67B73E591FFD1FDC285D2129D73B87115677E307A9BC3DA3C35065AE9215BC00393732EE7FB353C358F9DEFD
Malicious:	false
Preview:	2021/08/03-23:18:14.808 8c4 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2021/08/03-23:18:14.811 8c4 Recovering log #3.2021/08/03-23:18:14.812 8c4 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State35 (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.871599185186076
Encrypted:	false
SSDEEP:	48:YXs2MHRzsoMHT5s0MHyKsTMHksrDys4Csb7synWsQItFsym6zs6zMHWLsZMH5YhV:+GDGTHGmGHDW1/nOIbmOGlGGhVD
MD5:	829D5654ADF098AD43036E24C47F2A94
SHA1:	506C8BA397509BA0357787950C538C1879047DF3
SHA-256:	4D0B852D18FCA5C1A712904CF6DB3811FB905E86D8A7508A2D42F9C8D68E2211
SHA-512:	D9B18E6B0AD1E8E4BECF9E84BBE30D64730CFEC2CBEAF96D5DF52E28B907B03EADF22F020FBE0A56D137A52F4F09798031BC6CA026CFA8A979A608B3445DBCAA
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[],"expiration":"13248542600883925","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":40156},"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248542628822803","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":30856},"server":"https://dns.google","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248542600893104","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":25300},"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"expiration":"13248542600872791","port":443,"protocol_str":"quic"}],"isolation":[],"network_stats":{"srtt":34789},"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[],"exp

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State61 (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	2023
Entropy (8bit):	4.842967228444897
Encrypted:	false
SSDEEP:	48:Y2n6qtwTCXDHzMW6ZsQRSBsTTs7zMHPsEyKsC3gYhbxD:JnxOTCXDHzMW670IKzGJnxhVD
MD5:	5A4D038FAB9B8B3E72B1E597EA45651B
SHA1:	8E95303075DD4AC2283A10EC6F1EE3AE0DB60581
SHA-256:	B737DA9F41DDCA45314E401CF75A93592C8B56DD1E19EC9A038EA79171457F4F
SHA-512:	124996E6EB73DC5F2A855D1496D2D4B52D40417510CFCCC3EA0607BC1FE8621A44E5DCC60CFD37D9B1B8722488B86F07E56ACCC4BC783A3EE691C0B70400DA98
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"isolation":[],"server":"https://t4.ftcdn.net","supports_spdy":true},{"isolation":[],"server":"https://cdn.mosoah.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":"13275123499945539","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://accounts.google.com","supports_spdy":true},{"isolation":[],"server":"https:/

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent Statemp (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1785
Entropy (8bit):	4.813262947667433
Encrypted:	false
SSDEEP:	48:Y2n6qtwTCXDHyvzM3qW6ZsQRSBsTTs7zMH8YhbxD:JnxOTCXDH+zMaW670IKzGthVD
MD5:	DC250CD51ED71B1960A323E6B9AB4936
SHA1:	3115E835F4ADD78F1CCC20568B61426D2502CFFB
SHA-256:	7D7BAE1171FD4A562785BC114D09CE9A5E91D6860CCE51A923D675FFDEA2ABBF
SHA-512:	523AD96F292DBFF73524F281DC386E90443344CB6705C0D55152E1D9F6BE6A4A0A922A26D690FF25D9E68B7DD94A97FA394A43836D60B94B18CFC3053AC40630
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"isolation":[],"server":"https://www.google.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://ssl.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://www.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://fonts.gstatic.com","supports_spdy":true},{"isolation":[],"server":"https://apis.google.com","supports_spdy":true},{"isolation":[],"server":"https://ogs.google.com","supports_spdy":true},{"isolation":[],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"isolation":[],"server":"https://dns.google","supports_spdy":true},{"isolation":[],"server":"https://www.googleapis.com","supports_spdy":true},{"isolation":[],"server":"https://t4.ftcdn.net","supports_spdy":true},{"isolation":[],"server":"https://cdn.mosoah.com","supports_spdy":true},{"alternative_service":[{"advertised_versions":[50],"expiration":

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.163609148340295
Encrypted:	false
SSDEEP:	6:mhuFN+q2P923iKKdKgXz4rRIFUtphHZZmwPRIVkwO923iKKdKgXz4q8LJ:gv45KkgXiuFUtph5/PRg5L5KkgX2J
MD5:	4411CD14CB742DB6DA1727A3B6218F57
SHA1:	8EF6C09718B47F2A09C82204FDEB533349DEBD5C
SHA-256:	5D07044648D55D67F4A885DAA98B54141C647E9A78300513B713AFD2B7429100
SHA-512:	BEF29121C32E6C3E10C2A4D892F229E616C1232DC30B6955E4FDFED0E40DA031B5DF09B68C2DC634A308BFAD77A024655B28983700EFDA10F901AC6E2BD027BC
Malicious:	false
Preview:	2021/08/03-23:18:15.011 1578 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/MANIFEST-000001.2021/08/03-23:18:15.013 1578 Recovering log #3.2021/08/03-23:18:15.014 1578 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	336
Entropy (8bit):	5.163609148340295
Encrypted:	false
SSDEEP:	6:mhuFN+q2P923iKKdKgXz4rRIFUtphHZZmwPRIVkwO923iKKdKgXz4q8LJ:gv45KkgXiuFUtph5/PRg5L5KkgX2J
MD5:	4411CD14CB742DB6DA1727A3B6218F57
SHA1:	8EF6C09718B47F2A09C82204FDEB533349DEBD5C
SHA-256:	5D07044648D55D67F4A885DAA98B54141C647E9A78300513B713AFD2B7429100
SHA-512:	BEF29121C32E6C3E10C2A4D892F229E616C1232DC30B6955E4FDFED0E40DA031B5DF09B68C2DC634A308BFAD77A024655B28983700EFDA10F901AC6E2BD027BC
Malicious:	false
Preview:	2021/08/03-23:18:15.011 1578 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/MANIFEST-000001.2021/08/03-23:18:15.013 1578 Recovering log #3.2021/08/03-23:18:15.014 1578 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5381
Entropy (8bit):	5.175169024793792
Encrypted:	false
SSDEEP:	96:nQErhF9aRiUESKIX96OIk0JCKL8xpbOTQVuwn:n/rb9aRiUESt96OC4KE
MD5:	CDC1650CBC6A043E3543AB846915CF03
SHA1:	59AC2E63C5E4362D58897116DE84D52EEECC6A05
SHA-256:	9A9237AE6BBAACDBE626E0035A1B8564172996A35E388EA4C5A64434FD7FEF6B
SHA-512:	3675301F67AF670C97B993DBCA45C5158BFEC446E52B7B7FE5F3F92051C02BF3E1CB81C0C7A5EBF4CC15921BBB220B5A2EF7CF4545E2BE9755A61B2A16F7FBED
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272531494972262","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245950640095768","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences. (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5471
Entropy (8bit):	5.1797755363141285
Encrypted:	false
SSDEEP:	96:nQErsF9aRiUESKIX96OIk0JCKL8xmAbOTQVuwn:n/rc9aRiUESt96OC4KW
MD5:	93E2C7B42204168AAF2095484EC4CA86
SHA1:	4A76302452558671FB164F8AB548E5A2F6A2FC27
SHA-256:	264102FBB6897015AAD8040787369CC3D181EE055114D2FB166C5FEBF40B6E53
SHA-512:	F7860C4E15549C72B32290F77D864E3591FF7595F7069801D17676A4FE3683F967AFCCD112C68F6C868B1940927A92770B1DCD6FA06735F2FA35B8A2C864306B
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272531494972262","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245950640095768","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PreferencesED (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5471
Entropy (8bit):	5.1797755363141285
Encrypted:	false
SSDEEP:	96:nQErsF9aRiUESKIX96OIk0JCKL8xmAbOTQVuwn:n/rc9aRiUESt96OC4KW
MD5:	93E2C7B42204168AAF2095484EC4CA86
SHA1:	4A76302452558671FB164F8AB548E5A2F6A2FC27
SHA-256:	264102FBB6897015AAD8040787369CC3D181EE055114D2FB166C5FEBF40B6E53
SHA-512:	F7860C4E15549C72B32290F77D864E3591FF7595F7069801D17676A4FE3683F967AFCCD112C68F6C868B1940927A92770B1DCD6FA06735F2FA35B8A2C864306B
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272531494972262","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245950640095768","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PreferencesRo (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5471
Entropy (8bit):	5.179824253290331
Encrypted:	false
SSDEEP:	96:nQEr5F9aRiUESKIX96OIk0JCKL8xmAbOTQVuwn:n/rj9aRiUESt96OC4KW
MD5:	452F13B192F941D05A8EE9B9087906D6
SHA1:	9020197CDC7E4600004DD19AAFBC68966F70C233
SHA-256:	A8213EA407E26D26B4080DE56E075EC6541CEB9F1E43D2F96391C8C52031373B
SHA-512:	F8D1C9AEF963231B26377C4A50B0E50120990DF3D9D6AAF785912711FEF591CD5DAB5D65ECF010B1D29BFEA41ADFD462C2E2E5B0AC1AD5D7719F5255B714554A
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272531494972262","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245950640095768","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PreferencesTM (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5381
Entropy (8bit):	5.175169024793792
Encrypted:	false
SSDEEP:	96:nQErhF9aRiUESKIX96OIk0JCKL8xpbOTQVuwn:n/rb9aRiUESt96OC4KE
MD5:	CDC1650CBC6A043E3543AB846915CF03
SHA1:	59AC2E63C5E4362D58897116DE84D52EEECC6A05
SHA-256:	9A9237AE6BBAACDBE626E0035A1B8564172996A35E388EA4C5A64434FD7FEF6B
SHA-512:	3675301F67AF670C97B993DBCA45C5158BFEC446E52B7B7FE5F3F92051C02BF3E1CB81C0C7A5EBF4CC15921BBB220B5A2EF7CF4545E2BE9755A61B2A16F7FBED
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272531494972262","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245950640095768","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferencesa (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5471
Entropy (8bit):	5.1797755363141285
Encrypted:	false
SSDEEP:	96:nQErsF9aRiUESKIX96OIk0JCKL8xmAbOTQVuwn:n/rc9aRiUESt96OC4KW
MD5:	93E2C7B42204168AAF2095484EC4CA86
SHA1:	4A76302452558671FB164F8AB548E5A2F6A2FC27
SHA-256:	264102FBB6897015AAD8040787369CC3D181EE055114D2FB166C5FEBF40B6E53
SHA-512:	F7860C4E15549C72B32290F77D864E3591FF7595F7069801D17676A4FE3683F967AFCCD112C68F6C868B1940927A92770B1DCD6FA06735F2FA35B8A2C864306B
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272531494972262","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245950640095768","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferenceso (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	5381
Entropy (8bit):	5.175169024793792
Encrypted:	false
SSDEEP:	96:nQErhF9aRiUESKIX96OIk0JCKL8xpbOTQVuwn:n/rb9aRiUESt96OC4KE
MD5:	CDC1650CBC6A043E3543AB846915CF03
SHA1:	59AC2E63C5E4362D58897116DE84D52EEECC6A05
SHA-256:	9A9237AE6BBAACDBE626E0035A1B8564172996A35E388EA4C5A64434FD7FEF6B
SHA-512:	3675301F67AF670C97B993DBCA45C5158BFEC446E52B7B7FE5F3F92051C02BF3E1CB81C0C7A5EBF4CC15921BBB220B5A2EF7CF4545E2BE9755A61B2A16F7FBED
Malicious:	false
Preview:	{"account_id_migration_state":2,"account_tracker_service_last_update":"13272531494972262","alternate_error_pages":{"backup":true},"announcement_notification_service_first_run_time":"13245950583260338","autocomplete":{"retention_policy_last_version":85},"autofill":{"orphan_rows_removed":true},"browser":{"default_browser_infobar_last_declined":"13245950640095768","has_seen_welcome_page":true,"navi_onboard_group":"","should_reset_check_default_browser":false,"window_placement":{"bottom":974,"left":10,"maximized":true,"right":1060,"top":10,"work_area_bottom":984,"work_area_left":0,"work_area_right":1280,"work_area_top":0}},"countryid_at_install":21843,"data_reduction":{"daily_original_length":["0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","0","1538886"],"daily_received_length":["0","0","0","0","0","0","0","

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	0.9917729888778661
Encrypted:	false
SSDEEP:	48:TUIopK2rJNVr1GJmm8pF82phrJNVrdHX/cjrJN2yJ1n4n1GmhGU7HHcRUGooTRsm:wIElwQF8mpcSvXYJCoWG1
MD5:	5F0D909C4F9C37E6F95F26D885436729
SHA1:	8063044BEF71FDB4401B04460D1B08FAA4CCB2E6
SHA-256:	3FD12BAAC06646D0DD48BA42D1FDDF4F91DED5F0BB90452E0012216AAF1EF81C
SHA-512:	983E94840ED8BB4D920914244A8C4B0EA82F9C202284FF636757EC1AC3BEAE177B9570B3FD95D1C66F24734E19B30892BBEFD784E575ADE7226ADAB3E83CC99F
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C..........g...^.........j............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL-journal Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	29252
Entropy (8bit):	0.6273669018060928
Encrypted:	false
SSDEEP:	48:VIqkIopK2rJNVr1GJmm8pF82phrJNVrdHX/cjrJN2yJ1n4n1GmhGUO64:VIhIElwQF8mpcSS
MD5:	AC6919080CC02FA8CF8A874CA6429734
SHA1:	5D95DC98359B01249A6496FCA8801AC9607BAA34
SHA-256:	54400275D3650F2140B007D087CC1D3C053B9E222305BC2C7C425AD848C53B0A
SHA-512:	529213FF76B46EC333F2278B4350F8CEDF00984F01A4526DD8081C1BA36B446270B0BEFCAFC33CBB056AC21D1A9CF0D6A994548EC52A1630A3B2C67BEBEB65F2
Malicious:	false
Preview:	............X.`h........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	UTF-8 Unicode text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	22596
Entropy (8bit):	5.5359765327643755
Encrypted:	false
SSDEEP:	384:M2wgtyxLluHXD1kXqKf/pUZNCgVLH2HfDYrUKHG7nT9ra8H4/:MrLlID1kXqKf/pUZNCgVLH2HfMrUaG7e
MD5:	D7F7843C2C12B09CB6567087B7B1F9D0
SHA1:	63C9DC39D27D0E86BB1D7F612A74D2BA31968FC5
SHA-256:	6039C0CCAFB93D4FD87DBC622A5CC696B96BAED0C0B848A3C8C167AFC461E666
SHA-512:	9D75AD0E5BBBEC7EAD1C7C4C95369EBBB9F61E836ACC86A852D3E0B180CB52EE06A55D11804F95841492EDB7403688B504072C5B15AADD9E94F1AE35AA504106
Malicious:	false
Preview:	{"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13272531494767490","location":5,"manifest":{"app":{"launch":{"web_url":"https://chrome.google.com/webstore"},"urls":["https://chrome.google.com/webstore"]},"description":"Discover great apps, games, extensions and themes for Google Chrome.","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Web Store","pe

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	114
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5ljljljljljl:5ljljljljljl
MD5:	1B4FA89099996CE3C9E5A0A9768230E8
SHA1:	9026E1E0906E3B3FE0E414EE814CC5A042807A04
SHA-256:	537818AAFD0902A8B2D58B483674391E33E762B5E1E8CD226D873098CCE9C8F9
SHA-512:	4279C9380ACC5AB329EC6BCDA10CCF0A7437CEF63845B63E741CE517042CFE83340D2D362DD6B9E039BF55E61F484CCF72B8FD8477D1D0292E0B879CB949461B
Malicious:	false
Preview:	..&f.................&f.................&f.................&f.................&f.................&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.131756769165602
Encrypted:	false
SSDEEP:	6:mYsmL+q2P923iKKdKrQMxIFUtpvuw1ZmwPvumLVkwO923iKKdKrQMFLJ:/3yv45KkCFUtpvue/PvumR5L5KktJ
MD5:	D4065B1A35B29D892696CD71B0E2204A
SHA1:	44837418FC7D247CC57DDF0B0B7626DE749196DD
SHA-256:	13F0DB2D5B0F1A967F5BB7E83F932D0113C0FB455C13DA54C5833DED0BC658D1
SHA-512:	A1FD2F6B296911EEF9181A1407269DAC5CFD9B0EA1210F08A6396A20EC5634B6F8BB4AD0017F5EC9A1D77F712124F47C178B1E245B215E24635BEE10B12D9534
Malicious:	false
Preview:	2021/08/03-23:18:14.971 1138 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2021/08/03-23:18:14.973 1138 Recovering log #3.2021/08/03-23:18:14.973 1138 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	322
Entropy (8bit):	5.131756769165602
Encrypted:	false
SSDEEP:	6:mYsmL+q2P923iKKdKrQMxIFUtpvuw1ZmwPvumLVkwO923iKKdKrQMFLJ:/3yv45KkCFUtpvue/PvumR5L5KktJ
MD5:	D4065B1A35B29D892696CD71B0E2204A
SHA1:	44837418FC7D247CC57DDF0B0B7626DE749196DD
SHA-256:	13F0DB2D5B0F1A967F5BB7E83F932D0113C0FB455C13DA54C5833DED0BC658D1
SHA-512:	A1FD2F6B296911EEF9181A1407269DAC5CFD9B0EA1210F08A6396A20EC5634B6F8BB4AD0017F5EC9A1D77F712124F47C178B1E245B215E24635BEE10B12D9534
Malicious:	false
Preview:	2021/08/03-23:18:14.971 1138 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/MANIFEST-000001.2021/08/03-23:18:14.973 1138 Recovering log #3.2021/08/03-23:18:14.973 1138 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	350
Entropy (8bit):	5.146058969552602
Encrypted:	false
SSDEEP:	6:mYH2+q2P923iKKdK7Uh2ghZIFUtpvOWZmwPvbVkwO923iKKdK7Uh2gnLJ:/H2+v45KkIhHh2FUtpvOW/PvbV5L5Kks
MD5:	7E91E6B153214C3B50779EFD5282E4D0
SHA1:	CF7B3C030FA08C69D120DC27EFBF9B165A9F316B
SHA-256:	89A86C0CB9DB3C7B2C925BC32EA045C735FDD8ECC6358F41FEF8CE6524D907C5
SHA-512:	16FAA6AE7093C825631D57A71F3D17C6CFE3081F2D1AC4135B7F286821A8FFAD09598EEC328720BB1D2FEE14DCC6B6EE6E08D0ECB1FA1759A415066853A58989
Malicious:	false
Preview:	2021/08/03-23:18:14.788 17ec Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001.2021/08/03-23:18:14.789 17ec Recovering log #3.2021/08/03-23:18:14.790 17ec Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	350
Entropy (8bit):	5.146058969552602
Encrypted:	false
SSDEEP:	6:mYH2+q2P923iKKdK7Uh2ghZIFUtpvOWZmwPvbVkwO923iKKdK7Uh2gnLJ:/H2+v45KkIhHh2FUtpvOW/PvbV5L5Kks
MD5:	7E91E6B153214C3B50779EFD5282E4D0
SHA1:	CF7B3C030FA08C69D120DC27EFBF9B165A9F316B
SHA-256:	89A86C0CB9DB3C7B2C925BC32EA045C735FDD8ECC6358F41FEF8CE6524D907C5
SHA-512:	16FAA6AE7093C825631D57A71F3D17C6CFE3081F2D1AC4135B7F286821A8FFAD09598EEC328720BB1D2FEE14DCC6B6EE6E08D0ECB1FA1759A415066853A58989
Malicious:	false
Preview:	2021/08/03-23:18:14.788 17ec Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/MANIFEST-000001.2021/08/03-23:18:14.789 17ec Recovering log #3.2021/08/03-23:18:14.790 17ec Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\4e22a8c8-c42a-4fbe-a5b6-2f7e75ea3527.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	325
Entropy (8bit):	4.956993026220225
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV5rAcJksDHF4R8HLJ2AVQBR70S7PMVKJw1K3KnMRK3VY:YHO8sdVAsBdLJlyH7E4f3K33y
MD5:	0C03D530AC97788D62D27B2802C34D83
SHA1:	20F78B6B32D98FA52846C70DF78E4E5CEF663E2D
SHA-256:	7941FADA9867DAAE08EBC196BAFC6952DD506842C3E7D8FB14DF9D4E402D894B
SHA-512:	D5905C124060997A14322D12DECE5C00C63F7174743C740C974D00E88B03F203909CC2AC972B2759E8087B0B10F6306C6E66BF853319B5AC96907F34C8456C80
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248542588505091","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.19535324365485862
Encrypted:	false
SSDEEP:	3:8E:8
MD5:	C4DF0FB10C4332150B2C336396CE1B66
SHA1:	780A76E101DE3DE2E68D23E64AB1A44D47A73207
SHA-256:	18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6
SHA-512:	51F0B463E97063A2357285D684FF159FDF6099E57C46F13C83E9D3F09D7A7CF03C1BA684BCCF36232FC50834F95953C3C68675C7B05AB4F84DEF1C566A5F3F5E
Malicious:	false
Preview:	.'..(...................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.2983557823772145
Encrypted:	false
SSDEEP:	6:mYj1q2P923iKKdKusNpV/2jMGIFUtpvbpZmwPvWFzkwO923iKKdKusNpV/2jMmLJ:/j1v45KkFFUtpvt/PvCz5L5KkOJ
MD5:	B3628250062EFFF27FC1B5DE6D7A1A32
SHA1:	6BD328BA9F70EACA58565D96325B272B8417FFB2
SHA-256:	FEBED2BE00AAFA911E0D18DD434C40EEB3D2E3CF97D45D7024BAD3B4559EC2CD
SHA-512:	30C0C26E99E93DCE60BB910938A9879FBC102D056C27F9A88E05DBE5E5E1C109F1DC7F0E7565A9CE8C75E0009326C43E54FFDC4CE5289DE16A523CEA70C826D0
Malicious:	false
Preview:	2021/08/03-23:18:14.952 1754 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/MANIFEST-000001.2021/08/03-23:18:14.960 1754 Recovering log #3.2021/08/03-23:18:14.961 1754 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.2983557823772145
Encrypted:	false
SSDEEP:	6:mYj1q2P923iKKdKusNpV/2jMGIFUtpvbpZmwPvWFzkwO923iKKdKusNpV/2jMmLJ:/j1v45KkFFUtpvt/PvCz5L5KkOJ
MD5:	B3628250062EFFF27FC1B5DE6D7A1A32
SHA1:	6BD328BA9F70EACA58565D96325B272B8417FFB2
SHA-256:	FEBED2BE00AAFA911E0D18DD434C40EEB3D2E3CF97D45D7024BAD3B4559EC2CD
SHA-512:	30C0C26E99E93DCE60BB910938A9879FBC102D056C27F9A88E05DBE5E5E1C109F1DC7F0E7565A9CE8C75E0009326C43E54FFDC4CE5289DE16A523CEA70C826D0
Malicious:	false
Preview:	2021/08/03-23:18:14.952 1754 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/MANIFEST-000001.2021/08/03-23:18:14.960 1754 Recovering log #3.2021/08/03-23:18:14.961 1754 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent StateTM (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	325
Entropy (8bit):	4.956993026220225
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV5rAcJksDHF4R8HLJ2AVQBR70S7PMVKJw1K3KnMRK3VY:YHO8sdVAsBdLJlyH7E4f3K33y
MD5:	0C03D530AC97788D62D27B2802C34D83
SHA1:	20F78B6B32D98FA52846C70DF78E4E5CEF663E2D
SHA-256:	7941FADA9867DAAE08EBC196BAFC6952DD506842C3E7D8FB14DF9D4E402D894B
SHA-512:	D5905C124060997A14322D12DECE5C00C63F7174743C740C974D00E88B03F203909CC2AC972B2759E8087B0B10F6306C6E66BF853319B5AC96907F34C8456C80
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248542588505091","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.2362173257012685
Encrypted:	false
SSDEEP:	12:0Bljyv45KkmiuFUtpETe/PE4iR5L5Kkm2J:0XjY45KkSgKTr4iDL5Kkr
MD5:	1C1C26E77A019947C1883FA3563DC1D4
SHA1:	FAAD9694D5E41D857C01BA58930B6AD310DC99DE
SHA-256:	587634DFD8842E4A20FB42EE09F17BB7ACC59DCBCEDDD1217CB0FB18C9D32A78
SHA-512:	68701FD3CCE175E9AC62FBEAB3AFAE3D29E76B93802C3B3BA3D82D8FB17C218C91EE23D8F76AA22CCF1101F783DD64A28FD5938F887F2BD536E2B1517A560834
Malicious:	false
Preview:	2021/08/03-23:18:15.005 1138 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/MANIFEST-000001.2021/08/03-23:18:15.006 1138 Recovering log #3.2021/08/03-23:18:15.007 1138 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.2362173257012685
Encrypted:	false
SSDEEP:	12:0Bljyv45KkmiuFUtpETe/PE4iR5L5Kkm2J:0XjY45KkSgKTr4iDL5Kkr
MD5:	1C1C26E77A019947C1883FA3563DC1D4
SHA1:	FAAD9694D5E41D857C01BA58930B6AD310DC99DE
SHA-256:	587634DFD8842E4A20FB42EE09F17BB7ACC59DCBCEDDD1217CB0FB18C9D32A78
SHA-512:	68701FD3CCE175E9AC62FBEAB3AFAE3D29E76B93802C3B3BA3D82D8FB17C218C91EE23D8F76AA22CCF1101F783DD64A28FD5938F887F2BD536E2B1517A560834
Malicious:	false
Preview:	2021/08/03-23:18:15.005 1138 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/MANIFEST-000001.2021/08/03-23:18:15.006 1138 Recovering log #3.2021/08/03-23:18:15.007 1138 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5l:5l
MD5:	E556F26DF3E95C19DBAECA8F5DF0C341
SHA1:	247A89F0557FC3666B5173833DB198B188F3AA2E
SHA-256:	B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3
SHA-512:	055BC4AB12FEEDF3245EAAF0A0109036909C44E3B69916F8A01E6C8459785317FE75CA6B28F8B339316FC2310D3E5392CD15DBDB0F84016667F304D377444E2E
Malicious:	false
Preview:	..&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	420
Entropy (8bit):	5.234365540703967
Encrypted:	false
SSDEEP:	6:mnt+q2P923iKKdKusNpZQMxIFUtpR2ZmwPTyVkwO923iKKdKusNpZQMFLJ:Yov45KkMFUtp0/PTK5L5KkTJ
MD5:	4B5DAA3AD492825DA718B1851CA1098C
SHA1:	76407CFD7571D1C9537F2DAA099B1AA9FC81C201
SHA-256:	6C975A97012E4E6FB3DA2299E12E464A57F9D9E8C46E34192C634C022465E2D4
SHA-512:	6992F8F8AFAF71EBAFAB4098D50D5409446F2752E184DBFB002083350BCB0FC3E1E17C7D5DE94BF44E7DEA2755DB2FF4F11B57D8421B5350668ADB170EB1E906
Malicious:	false
Preview:	2021/08/03-23:18:31.292 1578 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/MANIFEST-000001.2021/08/03-23:18:31.300 1578 Recovering log #3.2021/08/03-23:18:31.302 1578 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG.old., (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	420
Entropy (8bit):	5.234365540703967
Encrypted:	false
SSDEEP:	6:mnt+q2P923iKKdKusNpZQMxIFUtpR2ZmwPTyVkwO923iKKdKusNpZQMFLJ:Yov45KkMFUtp0/PTK5L5KkTJ
MD5:	4B5DAA3AD492825DA718B1851CA1098C
SHA1:	76407CFD7571D1C9537F2DAA099B1AA9FC81C201
SHA-256:	6C975A97012E4E6FB3DA2299E12E464A57F9D9E8C46E34192C634C022465E2D4
SHA-512:	6992F8F8AFAF71EBAFAB4098D50D5409446F2752E184DBFB002083350BCB0FC3E1E17C7D5DE94BF44E7DEA2755DB2FF4F11B57D8421B5350668ADB170EB1E906
Malicious:	false
Preview:	2021/08/03-23:18:31.292 1578 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/MANIFEST-000001.2021/08/03-23:18:31.300 1578 Recovering log #3.2021/08/03-23:18:31.302 1578 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\4b36cb26-fbc3-43ea-8d7a-8dc1df58ddd0.tmp Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	325
Entropy (8bit):	4.976576189225149
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV5OV/sDHF4R8HLJ2AVQBR70S7PMVKJw1K3KnMRK3VY:YHO8sdysBdLJlyH7E4f3K33y
MD5:	5886A009EB58EE06A16EFD6D1BA9A046
SHA1:	A867B5052F3FBB811693DF8CE3FDAA794F2F2E40
SHA-256:	9E3392126DE2D81D019E0AB3E17F20BADD0EC9FBD944BCB7C4DAF449D937D496
SHA-512:	D24F30A2E35F903AC10AACC4425C58BECB1C6BE2BA30A3C2B9D9D46CE04914AA71F55B3B16ED89081AD65A7090C77F5DC4A258B7B98D71E6A994D176536FBB27
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248542597817103","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1 Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	296
Entropy (8bit):	0.19535324365485862
Encrypted:	false
SSDEEP:	3:8E:8
MD5:	C4DF0FB10C4332150B2C336396CE1B66
SHA1:	780A76E101DE3DE2E68D23E64AB1A44D47A73207
SHA-256:	18FAB4D13CDA7E1DEE12DC091019A110A7304B6A65FC9A1F3E6173046BA38EF6
SHA-512:	51F0B463E97063A2357285D684FF159FDF6099E57C46F13C83E9D3F09D7A7CF03C1BA684BCCF36232FC50834F95953C3C68675C7B05AB4F84DEF1C566A5F3F5E
Malicious:	false
Preview:	.'..(...................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.141396159955113
Encrypted:	false
SSDEEP:	12:FFyv45KkkGHArBFUtpG/P2lR5L5KkkGHAryJ:jY45KkkGgPgbDL5KkkGga
MD5:	6A8EB141161AC4E748B554C46A155B55
SHA1:	4CF4BF038A33BD62ED5A69CB0BF2709AD6CB25C2
SHA-256:	AF1C96584740C39AA6F3EEB6E8611B42C97985017DC2AA2CA561227878512DE0
SHA-512:	2EC855AB988D687D480C2805BDD61D5EB51C1AB4F65A4E1E07664A093629FAB69E5568FE4EE159A0A646404F13D5E134AB56CA82E503A6BE3BC216D68FD080D3
Malicious:	false
Preview:	2021/08/03-23:18:21.816 1138 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/MANIFEST-000001.2021/08/03-23:18:21.819 1138 Recovering log #3.2021/08/03-23:18:21.820 1138 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	432
Entropy (8bit):	5.141396159955113
Encrypted:	false
SSDEEP:	12:FFyv45KkkGHArBFUtpG/P2lR5L5KkkGHAryJ:jY45KkkGgPgbDL5KkkGga
MD5:	6A8EB141161AC4E748B554C46A155B55
SHA1:	4CF4BF038A33BD62ED5A69CB0BF2709AD6CB25C2
SHA-256:	AF1C96584740C39AA6F3EEB6E8611B42C97985017DC2AA2CA561227878512DE0
SHA-512:	2EC855AB988D687D480C2805BDD61D5EB51C1AB4F65A4E1E07664A093629FAB69E5568FE4EE159A0A646404F13D5E134AB56CA82E503A6BE3BC216D68FD080D3
Malicious:	false
Preview:	2021/08/03-23:18:21.816 1138 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/MANIFEST-000001.2021/08/03-23:18:21.819 1138 Recovering log #3.2021/08/03-23:18:21.820 1138 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	325
Entropy (8bit):	4.976576189225149
Encrypted:	false
SSDEEP:	6:YHpoNXR8+eq7JdV5OV/sDHF4R8HLJ2AVQBR70S7PMVKJw1K3KnMRK3VY:YHO8sdysBdLJlyH7E4f3K33y
MD5:	5886A009EB58EE06A16EFD6D1BA9A046
SHA1:	A867B5052F3FBB811693DF8CE3FDAA794F2F2E40
SHA-256:	9E3392126DE2D81D019E0AB3E17F20BADD0EC9FBD944BCB7C4DAF449D937D496
SHA-512:	D24F30A2E35F903AC10AACC4425C58BECB1C6BE2BA30A3C2B9D9D46CE04914AA71F55B3B16ED89081AD65A7090C77F5DC4A258B7B98D71E6A994D176536FBB27
Malicious:	false
Preview:	{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_versions":[50],"expiration":"13248542597817103","port":443,"protocol_str":"quic"}],"isolation":[],"server":"https://dns.google","supports_spdy":true}],"version":5},"network_qualities":{"CAASABiAgICA+P////8B":"4G","CAESABiAgICA+P////8B":"4G"}}}

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.183722149234432
Encrypted:	false
SSDEEP:	12:Zyv45KkkGHArqiuFUtpb/PlylR5L5KkkGHArq2J:ZY45KkkGgCgGDL5KkkGg7
MD5:	32767BF4F018198403E4778402A1F2AE
SHA1:	0D4B926C93251EBC352F92F98B3382FE9E1F5D40
SHA-256:	BC3F05F18B93EEDF19FBF348792DAB49B3B3391FCD04508E28924D00FBEC55C1
SHA-512:	ED56A8A46ADFBC7D55FAFEE41C4CA68F22C3270059B9CEE380324799A4987518FFEABB7C1049E697C171A6247BFA349AC631EF826B58F58D74F2CC3B58168DEB
Malicious:	false
Preview:	2021/08/03-23:18:21.816 1770 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/MANIFEST-000001.2021/08/03-23:18:21.818 1770 Recovering log #3.2021/08/03-23:18:21.819 1770 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	434
Entropy (8bit):	5.183722149234432
Encrypted:	false
SSDEEP:	12:Zyv45KkkGHArqiuFUtpb/PlylR5L5KkkGHArq2J:ZY45KkkGgCgGDL5KkkGg7
MD5:	32767BF4F018198403E4778402A1F2AE
SHA1:	0D4B926C93251EBC352F92F98B3382FE9E1F5D40
SHA-256:	BC3F05F18B93EEDF19FBF348792DAB49B3B3391FCD04508E28924D00FBEC55C1
SHA-512:	ED56A8A46ADFBC7D55FAFEE41C4CA68F22C3270059B9CEE380324799A4987518FFEABB7C1049E697C171A6247BFA349AC631EF826B58F58D74F2CC3B58168DEB
Malicious:	false
Preview:	2021/08/03-23:18:21.816 1770 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/MANIFEST-000001.2021/08/03-23:18:21.818 1770 Recovering log #3.2021/08/03-23:18:21.819 1770 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	19
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:5l:5l
MD5:	E556F26DF3E95C19DBAECA8F5DF0C341
SHA1:	247A89F0557FC3666B5173833DB198B188F3AA2E
SHA-256:	B0A7B19404285905663876774A2176939A6ED75EF3904E44283A125824BD0BF3
SHA-512:	055BC4AB12FEEDF3245EAAF0A0109036909C44E3B69916F8A01E6C8459785317FE75CA6B28F8B339316FC2310D3E5392CD15DBDB0F84016667F304D377444E2E
Malicious:	false
Preview:	..&f...............

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	420
Entropy (8bit):	5.215520422765883
Encrypted:	false
SSDEEP:	12:a2v45KkkGHArAFUtpqJX/Pq05L5KkkGHArfJ:aU45KkkGgkgkJK+L5KkkGgV
MD5:	58998DBB3997388D4C03CCB40A73DBC2
SHA1:	DEA16B142E65EE62BF04780F3A33A7D2CB8BFD8C
SHA-256:	09D5CC8EE925F4010562F45A132383186D4BB7F52DEEB65D0C202B04F7354CC7
SHA-512:	FCC2F86929BB32574ACCD595FC98CC836DE1312C9DCCFDBA4503895E5E67FE2E5F133B2C1A4B4B76FB0749AA9D3ED67981CB0F048157C39A6F535A58ED448698
Malicious:	false
Preview:	2021/08/03-23:18:37.065 1754 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/MANIFEST-000001.2021/08/03-23:18:37.067 1754 Recovering log #3.2021/08/03-23:18:37.068 1754 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG.oldt (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	420
Entropy (8bit):	5.215520422765883
Encrypted:	false
SSDEEP:	12:a2v45KkkGHArAFUtpqJX/Pq05L5KkkGHArfJ:aU45KkkGgkgkJK+L5KkkGgV
MD5:	58998DBB3997388D4C03CCB40A73DBC2
SHA1:	DEA16B142E65EE62BF04780F3A33A7D2CB8BFD8C
SHA-256:	09D5CC8EE925F4010562F45A132383186D4BB7F52DEEB65D0C202B04F7354CC7
SHA-512:	FCC2F86929BB32574ACCD595FC98CC836DE1312C9DCCFDBA4503895E5E67FE2E5F133B2C1A4B4B76FB0749AA9D3ED67981CB0F048157C39A6F535A58ED448698
Malicious:	false
Preview:	2021/08/03-23:18:37.065 1754 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/MANIFEST-000001.2021/08/03-23:18:37.067 1754 Recovering log #3.2021/08/03-23:18:37.068 1754 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	38
Entropy (8bit):	1.9837406708828553
Encrypted:	false
SSDEEP:	3:sgGg:st
MD5:	45A8ECA4E5C4A6B1395080C1B728B6C9
SHA1:	8A97BB0E599775D9A10C0FC53C4EDB29AA4CEB4E
SHA-256:	DB320AB28DFF27CDA0A7F87B82F2F8E61B3178A6DE8503753D76F1172D32E08E
SHA-512:	8EE91A3A1E77459273553F6A776C423A8EE95DB9DCFA897771814B7AD13FD84F06BB2B859F22B6DDA384B39EAA91F1819F170BABED6DA16BDBCF5BCB06CF2124
Malicious:	false
Preview:	..F..................F................

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.237302747670475
Encrypted:	false
SSDEEP:	6:mY+yq2P923iKKdKpIFUtpvcLI1ZmwPvMZlRkwO923iKKdKa/WLJ:/+yv45KkmFUtpvIG/PvMZlR5L5KkaUJ
MD5:	9DCF8531ACF3CE7C860A258AAE01C7F6
SHA1:	CEC9BFB7820C50570757AA198EE2BA85A6658515
SHA-256:	22C988FC30843ADB13B0DE66BCD257DCFC3EBCE790CAF8CBCDFA227129C180FF
SHA-512:	EA91D16A6D99DA66C0A456A94F10BD3E865E1CACD7EADBD650CDA4069C161346AA6C75BD8CBC46139CA26C4F9AA92B2FCD9CC740A8F1E2AE01BD6FE740DE7702
Malicious:	false
Preview:	2021/08/03-23:18:14.765 1770 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2021/08/03-23:18:14.768 1770 Recovering log #3.2021/08/03-23:18:14.769 1770 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	326
Entropy (8bit):	5.237302747670475
Encrypted:	false
SSDEEP:	6:mY+yq2P923iKKdKpIFUtpvcLI1ZmwPvMZlRkwO923iKKdKa/WLJ:/+yv45KkmFUtpvIG/PvMZlR5L5KkaUJ
MD5:	9DCF8531ACF3CE7C860A258AAE01C7F6
SHA1:	CEC9BFB7820C50570757AA198EE2BA85A6658515
SHA-256:	22C988FC30843ADB13B0DE66BCD257DCFC3EBCE790CAF8CBCDFA227129C180FF
SHA-512:	EA91D16A6D99DA66C0A456A94F10BD3E865E1CACD7EADBD650CDA4069C161346AA6C75BD8CBC46139CA26C4F9AA92B2FCD9CC740A8F1E2AE01BD6FE740DE7702
Malicious:	false
Preview:	2021/08/03-23:18:14.765 1770 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2021/08/03-23:18:14.768 1770 Recovering log #3.2021/08/03-23:18:14.769 1770 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	404
Entropy (8bit):	5.270241771655242
Encrypted:	false
SSDEEP:	6:mgN+q2P923iKKdKks8Y5JKKhdIFUtpOFZZmwP7VkwO923iKKdKks8Y5JKKTLJ:PIv45KkkOrsFUtpOX/Ph5L5KkkOrzJ
MD5:	1258A0132B98D2661A0564F1CA4B4D9B
SHA1:	A834EDE46266D82F6D74864276E5D9B6B5C1E526
SHA-256:	8741E67C7F6B769E6C8B49FF3709A9CEE78FE9AA8BA35E08ABD904B8E3794CFC
SHA-512:	AB379D6A4D37D4D3DEC081684A39236C23A04E7816C5BBB1F25D41B4B65AC2F686C345C6316494636C4784A6B46588FF37EE876DFD45CE579099C0C4D9A0C409
Malicious:	false
Preview:	2021/08/03-23:18:22.880 1578 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/MANIFEST-000001.2021/08/03-23:18:22.881 1578 Recovering log #3.2021/08/03-23:18:22.882 1578 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.olds (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	404
Entropy (8bit):	5.270241771655242
Encrypted:	false
SSDEEP:	6:mgN+q2P923iKKdKks8Y5JKKhdIFUtpOFZZmwP7VkwO923iKKdKks8Y5JKKTLJ:PIv45KkkOrsFUtpOX/Ph5L5KkkOrzJ
MD5:	1258A0132B98D2661A0564F1CA4B4D9B
SHA1:	A834EDE46266D82F6D74864276E5D9B6B5C1E526
SHA-256:	8741E67C7F6B769E6C8B49FF3709A9CEE78FE9AA8BA35E08ABD904B8E3794CFC
SHA-512:	AB379D6A4D37D4D3DEC081684A39236C23A04E7816C5BBB1F25D41B4B65AC2F686C345C6316494636C4784A6B46588FF37EE876DFD45CE579099C0C4D9A0C409
Malicious:	false
Preview:	2021/08/03-23:18:22.880 1578 Reusing MANIFEST C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/MANIFEST-000001.2021/08/03-23:18:22.881 1578 Recovering log #3.2021/08/03-23:18:22.882 1578 Reusing old log C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm/000003.log .

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\TransportSecurity (copy) Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines, with no line terminators
Category:	dropped
Size (bytes):	1041
Entropy (8bit):	5.570575515219642
Encrypted:	false
SSDEEP:	24:YT6H0UhHPkG1KUe4pM3jXUUaUeCf7wU3RUeIQ:YT6UUhvDKUe4IjXUHUeCzwUhUeh
MD5:	24714CA7B53615B50D8D7001A5FCEC42
SHA1:	E6A23ED01F1C1224BBD6B18D8341BAA75566FFAD
SHA-256:	1F3951169A2D0AD79607BB0194299646597887D382B4D8CCA410858C848BB58B
SHA-512:	B2D932299C10D0C1FEE52CA1C69D52B4E6EE4C845DB6AC3E2B155D8A366054EFEDBC4159AB58948DAB579800665904694D7F73671C896A5412253EF9752C7B84
Malicious:	false
Preview:	{"expect_ct":[],"sts":[{"expiry":1633013028.822833,"host":"OuKlWsMW1dkkbI1X/oi6o0Y95ZNSWnSoeaIXAEYPlv4=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1601477028.822838},{"expiry":1633013028.743725,"host":"nAuqgR4iEWti7SOdT3UHPl6rmZU/DeaIm38P2O2OkgA=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601477028.743728},{"expiry":1659593899.977239,"host":"tDq6akkQQG721TNufp6qVaUuWripQa/5OFnRpVuemtY=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1628057899.977247},{"expiry":1633013040.850112,"host":"5EdUoB7YUY9zZV+2DkgVXgho8WUvp+D+6KpeUOhNQIM=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1601477040.850115},{"expiry":1659593899.945664,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":false,"sts_observed":1628057899.94567},{"expiry":1633013028.952627,"host":"+ccWXqaoHJ9hfuXbleKV6FQUrBlyXAJ31BdqjNQJpHs=","mode":"force-https","sts_include_subdomains":false,"sts_

C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links Download File
Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	12
Entropy (8bit):	3.188721875540867
Encrypted:	false
SSDEEP:	3:sp0V:I0V
MD5:	6D5640672A41FE0F98389A7CFCC10B4C
SHA1:	11A1D93F094A1700D80B3D0C7C2219530E9ADF2C
SHA-256:	F79755574CC4D1B881B378B63AD95DF8C2232965BAB62A6F1878B5675BE15D40
SHA-512:	7AF36114D202AC917085A39C5C8DFB29536F68F034B2BF878F6E6FAE30BA7E8D8DA07233D867FF62D6BAFBF84630A81AF59DCA8A7109BEE4884AB3DD81C1554B
Malicious:	false
Preview:	.......1.}a.

Static File Info

General
File type:	HTML document, ASCII text, with very long lines, with no line terminators
Entropy (8bit):	3.127062856781132
TrID:
File name:	State Settlement Copy.html
File size:	31831
MD5:	3ddfedf04fbd4845a8ff73e736d08add
SHA1:	936084447f9cba083697ec7e392c833476f3406c
SHA256:	111442186d007f4e43de930b5bef6cd92bafe101557890f6ffd2d9c7b685a2d0
SHA512:	1ae0f9e388d34c1778709b20ddfaeb34bccf44e7600f252946a1c9d11cc89f49cf373567e4f6816f0436ffd4f5c005c89f532a52881b5bb67a66941848179f22
SSDEEP:	384:tz6p/roWszYcj/r3JHS+jHwHl5eWbg9OE17JdbRmZ:dHrHJrbk
File Content Preview:	<script language="javascript"> document.write(unescape('%0a%0a%3c%68%74%6d%6c%20%6c%61%6e%67%3d%22%65%6e%22%20%69%64%20%3d%20%22%6d%79%48%54%4d%4c%22%3e%0a%20%20%20%3c%68%65%61%64%3e%0a%20%20%20%20%20%20%3c%6d%65%74%61%20%63%68%61%72%73%65%74%3d%22%55%54%

File Icon


Icon Hash:	e8d6a08c8882c461

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 3, 2021 23:18:19.379050016 CEST	49717	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:19.386486053 CEST	49718	443	192.168.2.5	176.9.17.111
Aug 3, 2021 23:18:19.395881891 CEST	49719	443	192.168.2.5	185.151.30.153
Aug 3, 2021 23:18:19.400067091 CEST	443	49717	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:19.400177002 CEST	49717	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:19.401545048 CEST	49717	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:19.402777910 CEST	49721	443	192.168.2.5	216.58.205.77
Aug 3, 2021 23:18:19.408231974 CEST	49722	443	192.168.2.5	172.67.75.3
Aug 3, 2021 23:18:19.410751104 CEST	443	49718	176.9.17.111	192.168.2.5
Aug 3, 2021 23:18:19.410883904 CEST	49718	443	192.168.2.5	176.9.17.111
Aug 3, 2021 23:18:19.411122084 CEST	49718	443	192.168.2.5	176.9.17.111
Aug 3, 2021 23:18:19.419207096 CEST	443	49717	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:19.424550056 CEST	49723	443	192.168.2.5	70.36.99.230
Aug 3, 2021 23:18:19.424659967 CEST	443	49721	216.58.205.77	192.168.2.5
Aug 3, 2021 23:18:19.424757957 CEST	49721	443	192.168.2.5	216.58.205.77
Aug 3, 2021 23:18:19.425282955 CEST	49721	443	192.168.2.5	216.58.205.77
Aug 3, 2021 23:18:19.426290035 CEST	443	49717	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:19.426315069 CEST	443	49717	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:19.426333904 CEST	443	49717	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:19.426352978 CEST	443	49717	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:19.426368952 CEST	443	49722	172.67.75.3	192.168.2.5
Aug 3, 2021 23:18:19.426383018 CEST	49717	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:19.426388025 CEST	443	49717	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:19.426405907 CEST	49717	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:19.428854942 CEST	49722	443	192.168.2.5	172.67.75.3
Aug 3, 2021 23:18:19.433365107 CEST	49722	443	192.168.2.5	172.67.75.3
Aug 3, 2021 23:18:19.436228037 CEST	443	49718	176.9.17.111	192.168.2.5
Aug 3, 2021 23:18:19.436657906 CEST	443	49718	176.9.17.111	192.168.2.5
Aug 3, 2021 23:18:19.436677933 CEST	443	49718	176.9.17.111	192.168.2.5
Aug 3, 2021 23:18:19.436695099 CEST	443	49718	176.9.17.111	192.168.2.5
Aug 3, 2021 23:18:19.436726093 CEST	443	49718	176.9.17.111	192.168.2.5
Aug 3, 2021 23:18:19.438153028 CEST	49718	443	192.168.2.5	176.9.17.111
Aug 3, 2021 23:18:19.438174963 CEST	49718	443	192.168.2.5	176.9.17.111
Aug 3, 2021 23:18:19.438556910 CEST	443	49718	176.9.17.111	192.168.2.5
Aug 3, 2021 23:18:19.445986032 CEST	443	49719	185.151.30.153	192.168.2.5
Aug 3, 2021 23:18:19.447262049 CEST	49719	443	192.168.2.5	185.151.30.153
Aug 3, 2021 23:18:19.447263002 CEST	443	49721	216.58.205.77	192.168.2.5
Aug 3, 2021 23:18:19.447288036 CEST	49719	443	192.168.2.5	185.151.30.153
Aug 3, 2021 23:18:19.449940920 CEST	443	49722	172.67.75.3	192.168.2.5
Aug 3, 2021 23:18:19.455209017 CEST	443	49722	172.67.75.3	192.168.2.5
Aug 3, 2021 23:18:19.455231905 CEST	443	49722	172.67.75.3	192.168.2.5
Aug 3, 2021 23:18:19.455295086 CEST	49722	443	192.168.2.5	172.67.75.3
Aug 3, 2021 23:18:19.462611914 CEST	443	49721	216.58.205.77	192.168.2.5
Aug 3, 2021 23:18:19.462635994 CEST	443	49721	216.58.205.77	192.168.2.5
Aug 3, 2021 23:18:19.464760065 CEST	49721	443	192.168.2.5	216.58.205.77
Aug 3, 2021 23:18:19.503941059 CEST	443	49719	185.151.30.153	192.168.2.5
Aug 3, 2021 23:18:19.504317999 CEST	443	49719	185.151.30.153	192.168.2.5
Aug 3, 2021 23:18:19.504333019 CEST	443	49719	185.151.30.153	192.168.2.5
Aug 3, 2021 23:18:19.504350901 CEST	443	49719	185.151.30.153	192.168.2.5
Aug 3, 2021 23:18:19.504412889 CEST	49719	443	192.168.2.5	185.151.30.153
Aug 3, 2021 23:18:19.595901012 CEST	443	49723	70.36.99.230	192.168.2.5
Aug 3, 2021 23:18:19.598645926 CEST	49723	443	192.168.2.5	70.36.99.230
Aug 3, 2021 23:18:19.600162029 CEST	49723	443	192.168.2.5	70.36.99.230
Aug 3, 2021 23:18:19.668754101 CEST	443	49717	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:19.668908119 CEST	49717	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:19.668972015 CEST	49718	443	192.168.2.5	176.9.17.111
Aug 3, 2021 23:18:19.689683914 CEST	443	49718	176.9.17.111	192.168.2.5
Aug 3, 2021 23:18:19.689784050 CEST	49718	443	192.168.2.5	176.9.17.111
Aug 3, 2021 23:18:19.771378994 CEST	443	49723	70.36.99.230	192.168.2.5
Aug 3, 2021 23:18:19.776179075 CEST	443	49723	70.36.99.230	192.168.2.5
Aug 3, 2021 23:18:19.776272058 CEST	443	49723	70.36.99.230	192.168.2.5
Aug 3, 2021 23:18:19.776295900 CEST	443	49723	70.36.99.230	192.168.2.5
Aug 3, 2021 23:18:19.776314020 CEST	443	49723	70.36.99.230	192.168.2.5
Aug 3, 2021 23:18:19.776372910 CEST	49723	443	192.168.2.5	70.36.99.230
Aug 3, 2021 23:18:19.776411057 CEST	49723	443	192.168.2.5	70.36.99.230
Aug 3, 2021 23:18:19.913074970 CEST	49717	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:19.916858912 CEST	49722	443	192.168.2.5	172.67.75.3
Aug 3, 2021 23:18:19.918157101 CEST	49717	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:19.918497086 CEST	49722	443	192.168.2.5	172.67.75.3
Aug 3, 2021 23:18:19.918746948 CEST	49717	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:19.919002056 CEST	49722	443	192.168.2.5	172.67.75.3
Aug 3, 2021 23:18:19.930078983 CEST	49721	443	192.168.2.5	216.58.205.77
Aug 3, 2021 23:18:19.930140972 CEST	49721	443	192.168.2.5	216.58.205.77
Aug 3, 2021 23:18:19.930644989 CEST	49721	443	192.168.2.5	216.58.205.77
Aug 3, 2021 23:18:19.930710077 CEST	49721	443	192.168.2.5	216.58.205.77
Aug 3, 2021 23:18:19.932929993 CEST	443	49717	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:19.933049917 CEST	49717	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:19.933370113 CEST	49717	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:19.935132027 CEST	443	49722	172.67.75.3	192.168.2.5
Aug 3, 2021 23:18:19.935194016 CEST	443	49722	172.67.75.3	192.168.2.5
Aug 3, 2021 23:18:19.935805082 CEST	49722	443	192.168.2.5	172.67.75.3
Aug 3, 2021 23:18:19.937740088 CEST	443	49722	172.67.75.3	192.168.2.5
Aug 3, 2021 23:18:19.937753916 CEST	443	49722	172.67.75.3	192.168.2.5
Aug 3, 2021 23:18:19.937772989 CEST	443	49717	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:19.942537069 CEST	443	49717	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:19.948283911 CEST	443	49717	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:19.948306084 CEST	443	49717	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:19.948359966 CEST	49717	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:19.948385000 CEST	49717	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:19.948549986 CEST	443	49717	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:19.948604107 CEST	49717	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:19.948698997 CEST	443	49717	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:19.949717999 CEST	443	49722	172.67.75.3	192.168.2.5
Aug 3, 2021 23:18:19.949740887 CEST	443	49722	172.67.75.3	192.168.2.5
Aug 3, 2021 23:18:19.949763060 CEST	443	49722	172.67.75.3	192.168.2.5
Aug 3, 2021 23:18:19.949779987 CEST	443	49722	172.67.75.3	192.168.2.5
Aug 3, 2021 23:18:19.949800968 CEST	443	49722	172.67.75.3	192.168.2.5
Aug 3, 2021 23:18:19.949821949 CEST	443	49722	172.67.75.3	192.168.2.5
Aug 3, 2021 23:18:19.949836969 CEST	443	49722	172.67.75.3	192.168.2.5
Aug 3, 2021 23:18:19.949855089 CEST	49722	443	192.168.2.5	172.67.75.3

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 3, 2021 23:18:07.129821062 CEST	49557	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:07.158751965 CEST	53	49557	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:07.762201071 CEST	61733	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:07.789727926 CEST	53	61733	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:08.086913109 CEST	65447	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:08.124670982 CEST	53	65447	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:08.767611980 CEST	52441	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:08.793335915 CEST	53	52441	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:09.882651091 CEST	62176	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:09.909446001 CEST	53	62176	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:11.205246925 CEST	59596	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:11.230552912 CEST	53	59596	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:12.353056908 CEST	65296	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:12.378881931 CEST	53	65296	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:13.423213959 CEST	63183	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:13.450671911 CEST	53	63183	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:15.388684034 CEST	60151	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:15.424211979 CEST	53	60151	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:17.524619102 CEST	56969	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:17.549606085 CEST	53	56969	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:18.869030952 CEST	60075	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:18.901693106 CEST	53	60075	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:19.348845005 CEST	55016	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:19.353039026 CEST	64345	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:19.354007959 CEST	57128	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:19.357577085 CEST	54791	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:19.357944012 CEST	50463	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:19.365091085 CEST	50394	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:19.373769999 CEST	53	55016	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:19.380139112 CEST	58530	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:19.385592937 CEST	53	64345	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:19.388016939 CEST	53813	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:19.391714096 CEST	53	54791	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:19.391752005 CEST	53	57128	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:19.395942926 CEST	63732	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:19.397138119 CEST	53	50463	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:19.406383038 CEST	53	50394	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:19.418217897 CEST	53	58530	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:19.424840927 CEST	53	53813	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:19.428878069 CEST	53	63732	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:20.178960085 CEST	57344	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:20.189569950 CEST	54450	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:20.222915888 CEST	53	57344	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:20.222944975 CEST	53	54450	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:20.239100933 CEST	59261	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:20.280855894 CEST	53	59261	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:20.372620106 CEST	59413	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:20.372726917 CEST	57151	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:20.373440027 CEST	60516	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:20.410345078 CEST	53	57151	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:20.410537958 CEST	53	59413	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:20.411210060 CEST	53	60516	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:20.549575090 CEST	56433	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:20.575263977 CEST	443	56433	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:20.575838089 CEST	56433	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:20.579149961 CEST	52929	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:20.601383924 CEST	443	56433	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:20.601424932 CEST	443	56433	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:20.601452112 CEST	443	56433	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:20.601474047 CEST	443	56433	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:20.601814032 CEST	56433	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:20.603372097 CEST	56433	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:20.603995085 CEST	56433	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:20.611776114 CEST	53	52929	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:20.635140896 CEST	443	56433	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:20.636790991 CEST	56433	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:20.646573067 CEST	443	56433	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:20.646610975 CEST	443	56433	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:20.646629095 CEST	443	56433	216.58.212.174	192.168.2.5
Aug 3, 2021 23:18:20.650008917 CEST	56433	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:20.676450014 CEST	56433	443	192.168.2.5	216.58.212.174
Aug 3, 2021 23:18:21.241312981 CEST	64317	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:21.279162884 CEST	53	64317	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:22.693819046 CEST	61515	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:22.735549927 CEST	53	61515	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:34.571198940 CEST	57172	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:34.605714083 CEST	53	57172	8.8.8.8	192.168.2.5
Aug 3, 2021 23:18:40.455022097 CEST	55267	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:18:40.495699883 CEST	53	55267	8.8.8.8	192.168.2.5
Aug 3, 2021 23:19:02.185161114 CEST	50969	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:19:02.227312088 CEST	53	50969	8.8.8.8	192.168.2.5
Aug 3, 2021 23:19:06.902431011 CEST	64362	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:19:06.939474106 CEST	53	64362	8.8.8.8	192.168.2.5
Aug 3, 2021 23:19:07.660187960 CEST	54766	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:19:07.695846081 CEST	53	54766	8.8.8.8	192.168.2.5
Aug 3, 2021 23:19:08.338284969 CEST	61446	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:19:08.371089935 CEST	53	61446	8.8.8.8	192.168.2.5
Aug 3, 2021 23:19:08.717431068 CEST	57515	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:19:08.753741026 CEST	53	57515	8.8.8.8	192.168.2.5
Aug 3, 2021 23:19:09.077295065 CEST	58199	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:19:09.117197037 CEST	53	58199	8.8.8.8	192.168.2.5
Aug 3, 2021 23:19:09.396496058 CEST	65221	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:19:09.428841114 CEST	53	65221	8.8.8.8	192.168.2.5
Aug 3, 2021 23:19:09.847944021 CEST	61573	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:19:09.881680965 CEST	53	61573	8.8.8.8	192.168.2.5
Aug 3, 2021 23:19:10.441804886 CEST	56562	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:19:10.478390932 CEST	53	56562	8.8.8.8	192.168.2.5
Aug 3, 2021 23:19:11.863482952 CEST	53591	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:19:11.896744967 CEST	53	53591	8.8.8.8	192.168.2.5
Aug 3, 2021 23:19:12.567945004 CEST	59688	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:19:12.603444099 CEST	53	59688	8.8.8.8	192.168.2.5
Aug 3, 2021 23:19:12.724117994 CEST	56032	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:19:12.763931990 CEST	53	56032	8.8.8.8	192.168.2.5
Aug 3, 2021 23:19:13.072927952 CEST	61150	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:19:13.108099937 CEST	53	61150	8.8.8.8	192.168.2.5
Aug 3, 2021 23:19:15.045299053 CEST	63458	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:19:15.080594063 CEST	53	63458	8.8.8.8	192.168.2.5
Aug 3, 2021 23:19:15.301768064 CEST	53247	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:19:15.344655037 CEST	53	53247	8.8.8.8	192.168.2.5
Aug 3, 2021 23:19:15.449841976 CEST	58544	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:19:15.485434055 CEST	53	58544	8.8.8.8	192.168.2.5
Aug 3, 2021 23:19:15.550781965 CEST	53814	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:19:15.585974932 CEST	53	53814	8.8.8.8	192.168.2.5
Aug 3, 2021 23:19:16.188498974 CEST	51305	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:19:16.221335888 CEST	53	51305	8.8.8.8	192.168.2.5
Aug 3, 2021 23:19:44.038678885 CEST	53670	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:19:44.083378077 CEST	53	53670	8.8.8.8	192.168.2.5
Aug 3, 2021 23:19:46.747598886 CEST	55160	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:19:46.780349970 CEST	53	55160	8.8.8.8	192.168.2.5
Aug 3, 2021 23:20:05.721282959 CEST	61414	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:20:05.754008055 CEST	53	61414	8.8.8.8	192.168.2.5
Aug 3, 2021 23:20:20.633815050 CEST	63847	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:20:20.676920891 CEST	53	63847	8.8.8.8	192.168.2.5
Aug 3, 2021 23:20:20.766940117 CEST	61523	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:20:20.800529957 CEST	53	61523	8.8.8.8	192.168.2.5
Aug 3, 2021 23:20:24.661020994 CEST	50551	53	192.168.2.5	8.8.8.8
Aug 3, 2021 23:20:24.703618050 CEST	53	50551	8.8.8.8	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Aug 3, 2021 23:18:19.348845005 CEST	192.168.2.5	8.8.8.8	0xca2	Standard query (0)	clients2.google.com	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:19.353039026 CEST	192.168.2.5	8.8.8.8	0x6733	Standard query (0)	www.freepnglogos.com	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:19.354007959 CEST	192.168.2.5	8.8.8.8	0x5acf	Standard query (0)	t4.ftcdn.net	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:19.357577085 CEST	192.168.2.5	8.8.8.8	0x37a6	Standard query (0)	letsteachtheworld.org	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:19.357944012 CEST	192.168.2.5	8.8.8.8	0xd01	Standard query (0)	accounts.google.com	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:19.365091085 CEST	192.168.2.5	8.8.8.8	0xa5c0	Standard query (0)	cdn.mosoah.com	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:19.380139112 CEST	192.168.2.5	8.8.8.8	0x17f8	Standard query (0)	www.kindpng.com	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:20.372620106 CEST	192.168.2.5	8.8.8.8	0xe42d	Standard query (0)	www.freepnglogos.com	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:20.372726917 CEST	192.168.2.5	8.8.8.8	0x42a8	Standard query (0)	letsteachtheworld.org	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:20.373440027 CEST	192.168.2.5	8.8.8.8	0xff1c	Standard query (0)	www.kindpng.com	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:20.579149961 CEST	192.168.2.5	8.8.8.8	0xc02d	Standard query (0)	temperfield.com	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:21.241312981 CEST	192.168.2.5	8.8.8.8	0x8d38	Standard query (0)	clients2.googleusercontent.com	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Aug 3, 2021 23:18:19.373769999 CEST	8.8.8.8	192.168.2.5	0xca2	No error (0)	clients2.google.com	clients.l.google.com		CNAME (Canonical name)	IN (0x0001)
Aug 3, 2021 23:18:19.373769999 CEST	8.8.8.8	192.168.2.5	0xca2	No error (0)	clients.l.google.com		216.58.212.174	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:19.385592937 CEST	8.8.8.8	192.168.2.5	0x6733	No error (0)	www.freepnglogos.com	freepnglogos.com		CNAME (Canonical name)	IN (0x0001)
Aug 3, 2021 23:18:19.385592937 CEST	8.8.8.8	192.168.2.5	0x6733	No error (0)	freepnglogos.com		176.9.17.111	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:19.391714096 CEST	8.8.8.8	192.168.2.5	0x37a6	No error (0)	letsteachtheworld.org		185.151.30.153	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:19.391752005 CEST	8.8.8.8	192.168.2.5	0x5acf	No error (0)	t4.ftcdn.net	b.shared.global.fastly.net		CNAME (Canonical name)	IN (0x0001)
Aug 3, 2021 23:18:19.397138119 CEST	8.8.8.8	192.168.2.5	0xd01	No error (0)	accounts.google.com		216.58.205.77	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:19.406383038 CEST	8.8.8.8	192.168.2.5	0xa5c0	No error (0)	cdn.mosoah.com		172.67.75.3	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:19.406383038 CEST	8.8.8.8	192.168.2.5	0xa5c0	No error (0)	cdn.mosoah.com		104.26.3.120	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:19.406383038 CEST	8.8.8.8	192.168.2.5	0xa5c0	No error (0)	cdn.mosoah.com		104.26.2.120	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:19.418217897 CEST	8.8.8.8	192.168.2.5	0x17f8	No error (0)	www.kindpng.com		70.36.99.230	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:20.410345078 CEST	8.8.8.8	192.168.2.5	0x42a8	No error (0)	letsteachtheworld.org		185.151.30.153	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:20.410537958 CEST	8.8.8.8	192.168.2.5	0xe42d	No error (0)	www.freepnglogos.com	freepnglogos.com		CNAME (Canonical name)	IN (0x0001)
Aug 3, 2021 23:18:20.410537958 CEST	8.8.8.8	192.168.2.5	0xe42d	No error (0)	freepnglogos.com		176.9.17.111	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:20.411210060 CEST	8.8.8.8	192.168.2.5	0xff1c	No error (0)	www.kindpng.com		70.36.99.230	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:20.611776114 CEST	8.8.8.8	192.168.2.5	0xc02d	No error (0)	temperfield.com		31.14.15.249	A (IP address)	IN (0x0001)
Aug 3, 2021 23:18:21.279162884 CEST	8.8.8.8	192.168.2.5	0x8d38	No error (0)	clients2.googleusercontent.com	googlehosted.l.googleusercontent.com		CNAME (Canonical name)	IN (0x0001)
Aug 3, 2021 23:18:21.279162884 CEST	8.8.8.8	192.168.2.5	0x8d38	No error (0)	googlehosted.l.googleusercontent.com		216.58.208.129	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Aug 3, 2021 23:18:19.504350901 CEST	185.151.30.153	443	192.168.2.5	49719	CN=*.letsteachtheworld.org CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US	CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Jun 09 19:55:54 CEST 2021 Fri Sep 04 02:00:00 CEST 2020 Wed Jan 20 20:14:03 CET 2021	Tue Sep 07 19:55:53 CEST 2021 Mon Sep 15 18:00:00 CEST 2025 Mon Sep 30 20:14:03 CEST 2024	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
					CN=R3, O=Let's Encrypt, C=US	CN=ISRG Root X1, O=Internet Security Research Group, C=US	Fri Sep 04 02:00:00 CEST 2020	Mon Sep 15 18:00:00 CEST 2025
					CN=ISRG Root X1, O=Internet Security Research Group, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Jan 20 20:14:03 CET 2021	Mon Sep 30 20:14:03 CEST 2024
Aug 3, 2021 23:18:19.776314020 CEST	70.36.99.230	443	192.168.2.5	49723	CN=kindpng.com CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US	CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Tue May 25 11:05:04 CEST 2021 Fri Sep 04 02:00:00 CEST 2020 Wed Jan 20 20:14:03 CET 2021	Mon Aug 23 11:05:04 CEST 2021 Mon Sep 15 18:00:00 CEST 2025 Mon Sep 30 20:14:03 CEST 2024	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,0-23-65281-10-11-35-16-5-13-18-51-45-43-27-21,29-23-24,0	b32309a26951912be7dba376398abc3b
					CN=R3, O=Let's Encrypt, C=US	CN=ISRG Root X1, O=Internet Security Research Group, C=US	Fri Sep 04 02:00:00 CEST 2020	Mon Sep 15 18:00:00 CEST 2025
					CN=ISRG Root X1, O=Internet Security Research Group, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Jan 20 20:14:03 CET 2021	Mon Sep 30 20:14:03 CEST 2024
Aug 3, 2021 23:18:20.483732939 CEST	176.9.17.111	443	192.168.2.5	49736	CN=www.freepnglogos.com, OU=Domain Control Validated CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE	Tue Dec 03 01:00:00 CET 2019 Fri Nov 02 01:00:00 CET 2018 Tue May 30 12:48:38 CEST 2000	Mon Dec 06 00:59:59 CET 2021 Wed Jan 01 00:59:59 CET 2031 Sat May 30 12:48:38 CEST 2020	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB	CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	Fri Nov 02 01:00:00 CET 2018	Wed Jan 01 00:59:59 CET 2031
					CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US	CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE	Tue May 30 12:48:38 CEST 2000	Sat May 30 12:48:38 CEST 2020
Aug 3, 2021 23:18:20.529330969 CEST	185.151.30.153	443	192.168.2.5	49734	CN=*.letsteachtheworld.org CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US	CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Jun 09 19:55:54 CEST 2021 Fri Sep 04 02:00:00 CEST 2020 Wed Jan 20 20:14:03 CET 2021	Tue Sep 07 19:55:53 CEST 2021 Mon Sep 15 18:00:00 CEST 2025 Mon Sep 30 20:14:03 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN=R3, O=Let's Encrypt, C=US	CN=ISRG Root X1, O=Internet Security Research Group, C=US	Fri Sep 04 02:00:00 CEST 2020	Mon Sep 15 18:00:00 CEST 2025
					CN=ISRG Root X1, O=Internet Security Research Group, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Jan 20 20:14:03 CET 2021	Mon Sep 30 20:14:03 CEST 2024
Aug 3, 2021 23:18:20.778637886 CEST	70.36.99.230	443	192.168.2.5	49735	CN=kindpng.com CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US	CN=R3, O=Let's Encrypt, C=US CN=ISRG Root X1, O=Internet Security Research Group, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Tue May 25 11:05:04 CEST 2021 Fri Sep 04 02:00:00 CEST 2020 Wed Jan 20 20:14:03 CET 2021	Mon Aug 23 11:05:04 CEST 2021 Mon Sep 15 18:00:00 CEST 2025 Mon Sep 30 20:14:03 CEST 2024	771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0	37f463bf4616ecd445d4a1937da06e19
					CN=R3, O=Let's Encrypt, C=US	CN=ISRG Root X1, O=Internet Security Research Group, C=US	Fri Sep 04 02:00:00 CEST 2020	Mon Sep 15 18:00:00 CEST 2025
					CN=ISRG Root X1, O=Internet Security Research Group, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Wed Jan 20 20:14:03 CET 2021	Mon Sep 30 20:14:03 CEST 2024

Code Manipulations

Statistics

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exe PID: 5784 Parent PID: 4252

General

Start time:	23:18:13
Start date:	03/08/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'C:\Users\user\Desktop\State Settlement Copy.html'
Imagebase:	0x7ff677c70000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Analysis Process: chrome.exe PID: 5644 Parent PID: 5784

General

Start time:	23:18:15
Start date:	03/08/2021
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1636,2459575167211995088,13394836041496998709,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1696 /prefetch:8
Imagebase:	0x7ff677c70000
File size:	2150896 bytes
MD5 hash:	C139654B5C1438A95B321BB01AD63EF6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Disassembly

Reset < >

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report State Settlement Copy.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Overview

Initial Sample

Sigma Overview

Jbx Signature Overview

Phishing:

Compliance:

Networking:

System Summary:

Persistence and Installation Behavior:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTPS Packets

Code Manipulations

Statistics

Behavior

System Behavior

Analysis Process: chrome.exe PID: 5784 Parent PID: 4252

General

Analysis Process: chrome.exe PID: 5644 Parent PID: 5784

General

Disassembly