Windows Analysis Report https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.io

Overview

General Information

Sample URL:	https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.io
Analysis ID:	502282
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

Phishing site detected (based on logo template match)

URL contains potential PII (phishing indication)

HTML body contains low number of good links

No HTML title found

Classification

Signatures

Phishing:

Yara detected HtmlPhish10

Source: Yara match	File source: 05029.1.pages.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3, type: DROPPED

Phishing site detected (based on logo template match)

Source: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook

Matcher: Template: unicredit matched

URL contains potential PII (phishing indication)

Source: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.io

Sample URL: PII: andy@candies-twentytwo.io

HTML body contains low number of good links

Source: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook	HTTP Parser: Number of links: 1
Source: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook	HTTP Parser: Number of links: 1

No HTML title found

Source: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook	HTTP Parser: HTML title missing
Source: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook	HTTP Parser: HTML title missing

Source: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook	HTTP Parser: No <meta name="author".. found
Source: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook	HTTP Parser: No <meta name="author".. found

Source: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook	HTTP Parser: No <meta name="copyright".. found
Source: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Source: unknown

HTTPS traffic detected: 67.227.248.137:443 -> 192.168.2.5:49776 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/?email=andy@candies-twentytwo.io HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/css/api.css HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e384d7c118ca1225cc41173558a4f816
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/config.js HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e384d7c118ca1225cc41173558a4f816
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/framework.min.js HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e384d7c118ca1225cc41173558a4f816
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/bundle.min.js HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e384d7c118ca1225cc41173558a4f816
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/bundle.min.js HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e384d7c118ca1225cc41173558a4f816
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/images/favicon/favicon-32x32.png HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e384d7c118ca1225cc41173558a4f816
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/images/favicon/manifest.json HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/images/favicon/favicon-16x16.png HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e384d7c118ca1225cc41173558a4f816
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/images/favicon/android-chrome-192x192.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: insurance.insuretym.com
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/images/favicon/favicon-96x96.png HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e384d7c118ca1225cc41173558a4f816
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/images/favicon/android-chrome-192x192.png HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e384d7c118ca1225cc41173558a4f816
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.ioAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e384d7c118ca1225cc41173558a4f816
Source: global traffic	HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/js/config.js HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlookAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e384d7c118ca1225cc41173558a4f816
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/css/pikaday.css HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlookAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e384d7c118ca1225cc41173558a4f816
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/css/style.css HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlookAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e384d7c118ca1225cc41173558a4f816
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/js/framework.min.js HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlookAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e384d7c118ca1225cc41173558a4f816
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/js/bundle.min.js HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlookAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e384d7c118ca1225cc41173558a4f816
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/images/icons/icons.svg HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: imageReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlookAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e384d7c118ca1225cc41173558a4f816
Source: global traffic	HTTP traffic detected: GET /office365.com HTTP/1.1Host: logo.clearbit.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlookAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/images/background.svg HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlookAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e384d7c118ca1225cc41173558a4f816
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/fonts/Roboto-Medium.woff2 HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveOrigin: https://insurance.insuretym.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/css/style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e384d7c118ca1225cc41173558a4f816
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/fonts/Roboto-Regular.woff2 HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveOrigin: https://insurance.insuretym.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/css/style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=e384d7c118ca1225cc41173558a4f816
Source: global traffic	HTTP traffic detected: GET /wp-include/reports/genWeb/webmail/images/favicon/manifest.json HTTP/1.1Host: insurance.insuretym.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlookAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:13:18 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:13:18 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:13:18 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:13:19 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:13:20 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:13:20 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:13:21 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:13:21 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:13:22 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:13:23 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:13:29 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:13:31 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 13 Oct 2021 17:13:31 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://insurance.insuretym.com/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: Upgrade, closeVary: Accept-Encoding,User-AgentTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8

Source: angular.js.0.dr	String found in binary or memory: http://angularjs.org
Source: data_3.2.dr	String found in binary or memory: http://candies-twentytwo.io/favicon.ico
Source: angular.js.0.dr	String found in binary or memory: http://errors.angularjs.org/1.6.4-local
Source: pnacl_public_x86_64_pnacl_sz_nexe.0.dr	String found in binary or memory: http://llvm.org/):
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: ed8855d7-f5f6-4553-bf02-d844021857b1.tmp.2.dr, manifest.json0.0.dr	String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr	String found in binary or memory: https://accounts.google.com/MergeSession
Source: Network Action Predictor.0.dr	String found in binary or memory: https://ajax.googleapis.com/
Source: data_3.2.dr, data_1.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js
Source: data_1.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.jsvar
Source: ed8855d7-f5f6-4553-bf02-d844021857b1.tmp.2.dr, manifest.json0.0.dr	String found in binary or memory: https://apis.google.com
Source: data_3.2.dr	String found in binary or memory: https://candies-twentytwo.io/images/favicon/android-chrome-192x192.png
Source: data_3.2.dr	String found in binary or memory: https://candies-twentytwo.io/images/favicon/apple-touch-icon-114x114.png
Source: data_3.2.dr	String found in binary or memory: https://candies-twentytwo.io/images/favicon/apple-touch-icon-120x120.png
Source: data_3.2.dr	String found in binary or memory: https://candies-twentytwo.io/images/favicon/apple-touch-icon-144x144.png
Source: data_3.2.dr	String found in binary or memory: https://candies-twentytwo.io/images/favicon/apple-touch-icon-152x152.png
Source: data_3.2.dr	String found in binary or memory: https://candies-twentytwo.io/images/favicon/apple-touch-icon-180x180.png
Source: data_3.2.dr	String found in binary or memory: https://candies-twentytwo.io/images/favicon/apple-touch-icon-57x57.png
Source: data_3.2.dr	String found in binary or memory: https://candies-twentytwo.io/images/favicon/apple-touch-icon-60x60.png
Source: data_3.2.dr	String found in binary or memory: https://candies-twentytwo.io/images/favicon/apple-touch-icon-72x72.png
Source: data_3.2.dr	String found in binary or memory: https://candies-twentytwo.io/images/favicon/apple-touch-icon-76x76.png
Source: data_3.2.dr	String found in binary or memory: https://candies-twentytwo.io/images/favicon/favicon-32x32.png
Source: data_3.2.dr	String found in binary or memory: https://candies-twentytwo.io/images/favicon/favicon-96x96.png
Source: pnacl_public_x86_64_libgcc_a.0.dr, pnacl_public_x86_64_crtend_o.0.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-clang.git
Source: pnacl_public_x86_64_libgcc_a.0.dr, pnacl_public_x86_64_crtend_o.0.dr	String found in binary or memory: https://chromium.googlesource.com/a/native_client/pnacl-llvm.git
Source: ed8855d7-f5f6-4553-bf02-d844021857b1.tmp.2.dr	String found in binary or memory: https://clients2.google.com
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://clients2.google.com/cr/report
Source: manifest.json0.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: ed8855d7-f5f6-4553-bf02-d844021857b1.tmp.2.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://clients6.google.com
Source: data_1.2.dr	String found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIfCRV0lK_FUffSEgk
Source: manifest.json0.0.dr	String found in binary or memory: https://content.googleapis.com
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
Source: data_3.2.dr	String found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushers
Source: data_3.2.dr	String found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushersCross-Origin-Resource-Policy:
Source: data_3.2.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers
Source: 7090edc0-f3de-41b5-aff6-848ea8b0568c.tmp.2.dr, 42dd92ad-78b6-4360-bb35-1ea8c01b7a17.tmp.2.dr, ed8855d7-f5f6-4553-bf02-d844021857b1.tmp.2.dr	String found in binary or memory: https://dns.google
Source: manifest.json0.0.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: ed8855d7-f5f6-4553-bf02-d844021857b1.tmp.2.dr	String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: ed8855d7-f5f6-4553-bf02-d844021857b1.tmp.2.dr	String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: material_css_min.css.0.dr	String found in binary or memory: https://github.com/angular/material
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://hangouts.clients6.google.com
Source: manifest.json0.0.dr	String found in binary or memory: https://hangouts.google.com/
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
Source: Current Session.0.dr	String found in binary or memory: https://insurance.insuretym.com
Source: Network Action Predictor.0.dr	String found in binary or memory: https://insurance.insuretym.com/
Source: Current Session.0.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy
Source: data_1.2.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/images/favicon/android-chrome-192x192.png
Source: data_1.2.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/images/favicon/android-chrome-192x192.pngN
Source: data_1.2.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/images/favicon/favicon-16x16.png
Source: data_1.2.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/images/favicon/favicon-32x32.png
Source: data_1.2.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/images/favicon/favicon-96x96.png
Source: data_1.2.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/images/favicon/manifest.json
Source: Current Session.0.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/
Source: Current Session.0.dr, data_1.2.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&
Source: data_1.2.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/css/api.css
Source: data_1.2.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/css/api.cssV
Source: data_1.2.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/css/pikaday.css
Source: data_1.2.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/css/style.css
Source: data_1.2.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/css/style.css%
Source: data_1.2.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/fonts/Roboto-Medium.woff2
Source: data_1.2.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/fonts/Roboto-Regular.woff2
Source: data_1.2.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/images/background.svg
Source: data_1.2.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/images/favicon/manifest.json
Source: data_1.2.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/images/favicon/manifest.jsonChIKBw
Source: data_1.2.dr, 8f75485cfa400fd0_0.0.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/js/bundle.min.js
Source: data_1.2.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/js/bundle.min.js8
Source: data_1.2.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/js/config.js
Source: data_1.2.dr	String found in binary or memory: https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/js/framework.min.js
Source: 8f75485cfa400fd0_0.0.dr	String found in binary or memory: https://insuretym.com/
Source: data_3.2.dr, data_1.2.dr	String found in binary or memory: https://logo.clearbit.com/office365.com
Source: data_1.2.dr	String found in binary or memory: https://logo.clearbit.com/office365.com?
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://meetings.clients6.google.com
Source: ed8855d7-f5f6-4553-bf02-d844021857b1.tmp.2.dr	String found in binary or memory: https://ogs.google.com
Source: craw_window.js.0.dr, manifest.json.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://preprod-hangouts-googleapis.sandbox.google.com
Source: data_3.2.dr, data_1.2.dr	String found in binary or memory: https://r4---sn-h0jeenek.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic?cms_redirect=yes&mh=I2&mip=102.1
Source: data_1.2.dr	String found in binary or memory: https://redirector.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic
Source: craw_window.js.0.dr, manifest.json.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: ed8855d7-f5f6-4553-bf02-d844021857b1.tmp.2.dr	String found in binary or memory: https://ssl.gstatic.com
Source: messages.json41.0.dr, feedback.html.0.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr, feedback.html.0.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: Current Session.0.dr	String found in binary or memory: https://www.candies-twentytwo.io/
Source: ed8855d7-f5f6-4553-bf02-d844021857b1.tmp.2.dr, manifest.json0.0.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.google.com/
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.0.dr	String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: manifest.json0.0.dr	String found in binary or memory: https://www.google.com;
Source: craw_window.js.0.dr, craw_background.js.0.dr, ed8855d7-f5f6-4553-bf02-d844021857b1.tmp.2.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: ed8855d7-f5f6-4553-bf02-d844021857b1.tmp.2.dr	String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.0.dr	String found in binary or memory: https://www.gstatic.com;

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

HTTPS traffic detected: 67.227.248.137:443 -> 192.168.2.5:49776 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\5f2d3fd4-05a7-43f9-a214-6616895d6739.tmp

Jump to behavior

Source: classification engine

Classification label: mal52.phis.win@30/235@13/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.io'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1600,8527828132282792844,17070123648795584736,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1960 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1600,8527828132282792844,17070123648795584736,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1960 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61679239-11A8.pma

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic			Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
172.217.168.1	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
54.230.206.106	d26p066pn2w0s0.cloudfront.net	United States	16509	AMAZON-02US	false
172.217.168.45	accounts.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
67.227.248.137	insurance.insuretym.com	United States	32244	LIQUIDWEBUS	false

Private

IP
192.168.2.1
127.0.0.1

Contacted Domains

Name	IP	Active
d26p066pn2w0s0.cloudfront.net	54.230.206.106	true
google.com	142.250.203.110	true
accounts.google.com	172.217.168.45	true
clients.l.google.com	172.217.168.78	true
insurance.insuretym.com	67.227.248.137	true
googlehosted.l.googleusercontent.com	172.217.168.1	true
clients2.googleusercontent.com	unknown	unknown
clients2.google.com	unknown	unknown
candies-twentytwo.io	unknown	unknown
logo.clearbit.com	unknown	unknown
www.candies-twentytwo.io	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.io	false		unknown
https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/fonts/Roboto-Regular.woff2	false	Avira URL Cloud: safe	unknown
https://insurance.insuretym.com/wp-include/reports/genWeb/images/favicon/favicon-96x96.png	false	Avira URL Cloud: safe	unknown
https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook	true		unknown
https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/images/icons/icons.svg	false	Avira URL Cloud: safe	unknown
https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/css/style.css	false	Avira URL Cloud: safe	unknown
https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/css/api.css	false	Avira URL Cloud: safe	unknown
https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/js/framework.min.js	false	Avira URL Cloud: safe	unknown
https://insurance.insuretym.com/icewarpapi/	false	Avira URL Cloud: safe	unknown
https://insurance.insuretym.com/wp-include/reports/genWeb/images/favicon/favicon-32x32.png	false	Avira URL Cloud: safe	unknown
https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/css/pikaday.css	false	Avira URL Cloud: safe	unknown
https://insurance.insuretym.com/wp-include/reports/genWeb/bundle.min.js	false	Avira URL Cloud: safe	unknown
https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/js/bundle.min.js	false	Avira URL Cloud: safe	unknown
https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/fonts/Roboto-Medium.woff2	false	Avira URL Cloud: safe	unknown
https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx	false		high
https://insurance.insuretym.com/wp-include/reports/genWeb/images/favicon/manifest.json	false	Avira URL Cloud: safe	unknown
https://insurance.insuretym.com/wp-include/reports/genWeb/config.js	false	Avira URL Cloud: safe	unknown
https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/images/background.svg	false	Avira URL Cloud: safe	unknown
https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/?client_id=PSACQnYyNumKgoTvEUp5rB&redirect_uri=https%3A%2F%2Fwww.candies-twentytwo.io%2F&protectedtoken=false&id=Y2FuZGllcy10d2VudHl0d28uaW8=&Country=US&x=YW5keUBjYW5kaWVzLXR3ZW50eXR3by5pbw==&i=outlook	true		unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.io	true		unknown
https://logo.clearbit.com/office365.com	false		high
https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/js/config.js	false	Avira URL Cloud: safe	unknown
https://insurance.insuretym.com/wp-include/reports/genWeb/framework.min.js	false	Avira URL Cloud: safe	unknown
https://insurance.insuretym.com/wp-include/reports/genWeb/webmail/images/favicon/manifest.json	false	Avira URL Cloud: safe	unknown
https://insurance.insuretym.com/wp-include/reports/genWeb/images/favicon/android-chrome-192x192.png	false	Avira URL Cloud: safe	unknown
https://insurance.insuretym.com/wp-include/reports/genWeb/images/favicon/favicon-16x16.png	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic	data	A78AD14E77147E7DE3647E61964C0335	CECC3DD41F4CEA0192B24300C71E1911BD4FCE45	0D6803758FF8F87081FAFD62E90F0950DFB2DD7991E9607FE76A8F92D0E893FA
C:\Users\user\AppData\Local\Google\Chrome\User Data\01bdba33-5b7a-4a08-8ff6-d93f05cfa88b.tmp	data	537D2E0C8456A7C9067B43D2E7267978	9670F713A5858F908D69E6BC0A7B72A086E51F63	9C07C84C3E18578D8C110BD7B6BD3461199420F5FACCE4A0399C83D53C83C406
C:\Users\user\AppData\Local\Google\Chrome\User Data\35f571cd-ad0c-4983-9e9b-efcf872f90da.tmp	ASCII text, with very long lines, with no line terminators	6861636511C49B57AFB37A801DE1151B	2A5C977702A92EBF9BA66D34FF4A1CBE6389F452	A87DBD5785F297B6967B22FE65BEF7361FE8A69D2077395626847166E39B94C5
C:\Users\user\AppData\Local\Google\Chrome\User Data\6003783f-c771-4357-9d97-ff63cbcf03c5.tmp	SysEx File -	CB85ED8E9D8B8193BD9DD9DB3B5F55D0	A5E9470E6D4DCB20EE26D2EA9427D01CD9C48B7C	98EF9AF2B307C027E8B9561E72B8E20D606287B3093F0E3C69C55669C82B51E7
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	data	7A9D405E9218ED86C7ED3BB729DAA896	E5BB69E833231B755B20E5A0C9B2392D8B923C66	D83D002DFE4F96C43A6FBF24FC7AA739945731ABDEC2AFB53EDDCE2D2D87D6AF
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2a16e56c-c3ea-4b80-bd3d-5d7d7f7bd56d.tmp	ASCII text, with very long lines, with no line terminators	6E1875BB67886E01015E07478F2E60C8	F20DB61775F6D06B1AFDE45A74CC49404DC84B6F	F8EF8E38DCB37FF81B2EC29A3C021AE0B8289C89E1C9CB4575CCC2D319C40025
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\2ebca454-bcae-4a7e-9160-77416a6f1ad9.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	25207712C5DD0F869011ADD368D169D5	85AF22D279B9B89D01AEF27F52B200D15D937BEB	0D94488E5AF4A283E7E00EFFA79B3E2ADEDB9B03277C0887E1239CFBFB2F1112
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\45bbc3b1-c8df-46b4-8da4-a8cbc504556c.tmp	ASCII text, with very long lines, with no line terminators	576FA5C0DDBC485B3D6FE2665E1D6F8B	E2803B31191BC817C548E3EB9F7E6F2F70AB89DF	F38FD0EE947580B008A62224506B836F179CE85B95D6B5AC296BC58BCCC3D212
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\954b3ada-246e-4e8d-91ed-4fbea563c6b0.tmp	ASCII text, with very long lines, with no line terminators	B0D6501373AF29CD9EB87C4E74F38F44	C8BAD9321E243A70894D7EF12C3F37C7BE2B70E8	CFE5E180FECC018852C19645D2CFE58AB918881D72307B7EECFB11C8E388BB75
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG	ASCII text	CDF35F4EBEC6C33390597722F4E52A49	702294DFFAF7C577E83B8199F59398A0DC4F8BCD	29B5E01F1939F63CE07A6C1DE91B1954E1FB3604789714EFC759BD2A959CAC11
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old (copy)	ASCII text	CDF35F4EBEC6C33390597722F4E52A49	702294DFFAF7C577E83B8199F59398A0DC4F8BCD	29B5E01F1939F63CE07A6C1DE91B1954E1FB3604789714EFC759BD2A959CAC11
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG	ASCII text	20F19D9C6044211DF90920012EBDAACB	F3D1CD2A1A9196346035082CCDE89245CDCDF813	604A679691F56710CB3BF0CF53D2574EFFD6FAB1FBCC44C88FAAC23C334F5A76
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old. (copy)	ASCII text	20F19D9C6044211DF90920012EBDAACB	F3D1CD2A1A9196346035082CCDE89245CDCDF813	604A679691F56710CB3BF0CF53D2574EFFD6FAB1FBCC44C88FAAC23C334F5A76
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0	data	521780E65B4A44ADD28E6055701CFAA8	89753D0B5E10EC3F3269C8649B749C03C01B926D	6D67786491E41DA9BB8A3B1BA1C1E796B9BBFCCFE6E8CD926213BFF161EC9EE0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1	data	9C386DE5620484D33923086EC4C46070	229ADDB37C88489C989252C8E8B66A7B7C741818	20163D96E78FCBA596F3476CF6AB310DB2123D952A5808CA432D91B0FFA46677
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2	data	7CA49A25A484750FEA0AD5FFD2044F43	3F430AB9B8167A8E7285714AA8BAF6040F314EFD	56AD208E2A59A7E380DDAC60230B0A9E37F65C92DFCF05B372EA7153D3A7EC40
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3	data	D82C26E3303C0313B0998AC7B1DA7A8C	61532356CB87EC94CD893AF4A2F94F5F23BF7355	EC5572C316FAEA19BD0D369FB3F342570CED674AD4A888814D886C7BD0AF9130
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5dc4e4e594caf8e4_0	data	5AB3786CC9F7C61F15C472B1DE9A62A1	31B4E3C8B0B179E709EB5799C33DA6E6052D8925	1DC375F55A8AD293332B58D70F876E69F1EDAF96C638637B4F17CEE98554848F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8f75485cfa400fd0_0	data	52D450CAAF4A27B4E8AE5297F01E3D06	557F3F3EEA6214E21CA03A52A4F16A8F213A5EB6	7E13048E7CF13CD50EF66044C6EF13FBBCA585D57C62695F6D0CBEF9534FC591
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\eaf07a6405f89499_0	data	334C1FC126B344DB03C725FE32D18BC5	BE025920313174602791C312ECFB30CBF1F12FEF	56C47FB06E4F27851993EC1FC986DBCAF486FED495009666FC647C70E1C82AFE
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index	data	30CC8D07054802820E807FD27B2DAE17	4810E278FBB9BB948C069E3DD8470EBCA5AC0D8F	6E5997123E1336253EE0164E18969337E3E864F93E6C1A5DCCAFB73CB878DECA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index. (copy)	data	30CC8D07054802820E807FD27B2DAE17	4810E278FBB9BB948C069E3DD8470EBCA5AC0D8F	6E5997123E1336253EE0164E18969337E3E864F93E6C1A5DCCAFB73CB878DECA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	SQLite 3.x database, last written using SQLite version 3032001	5889450E49DE0B64E16C7C9F917A08E8	74E60023CAD2F4C6AC450E7BD8A23A7EC66988CC	6143BFB3CFF76A77406F9CE3B497F88B4D17B388F2F81F5BABA02FED33C68AF8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session	data	75A5BCF8C13C6AD591D9CF5B2597A972	0A64F75A145F49C1ADA880B4531B9A3FC6F07AA0	A3F6FD81721B5B264DD8E7BEBDCE3296170E3961E9FAD0EA7F10A5BCC4555255
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs	data	0686D6159557E1162D04C44240103333	053E9DB58E20A67D1E158E407094359BF61D0639	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log	data	BB9B527949692288040DE3359E5585B7	ED8DE5C271F6CE7FB8AC8D336D55E0A41A5A4F3E	5E5BBBE23C2EBA0C5A26A464E1533E5E66A45689C03E743B27665F83DAEFDA18
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG	ASCII text	A28FB99C87626401C6772E4687DFD702	048CC5C7CC41A38BE8E66328EC9A7FDC464391B7	6DECC8B45C52E7EEFAD7E42C5DFC88436C9D70F68D9D2B298C7D3FAB3E8C2AEC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old. (copy)	ASCII text	A28FB99C87626401C6772E4687DFD702	048CC5C7CC41A38BE8E66328EC9A7FDC464391B7	6DECC8B45C52E7EEFAD7E42C5DFC88436C9D70F68D9D2B298C7D3FAB3E8C2AEC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log	data	763F7DC0C355624843438D92927ACD06	E6DF45862B8D4F2DD538BEAD4A0288EACAB3AED6	B2394571D88A272B80731B23A88DB6D0490A241D4A0958C2C468C42ECF6E5DC1
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG	ASCII text	A20A26727C743A65E0831623B82C1979	A4C253F267F0E6D46F3C23592A723E9BB538DAE0	B6E1168FCDDDCE4B53B72BEB16FD0E1760AB49F6AECAD0F5F19DB458BA0AAA1F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old. (copy)	ASCII text	A20A26727C743A65E0831623B82C1979	A4C253F267F0E6D46F3C23592A723E9BB538DAE0	B6E1168FCDDDCE4B53B72BEB16FD0E1760AB49F6AECAD0F5F19DB458BA0AAA1F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json	ASCII text, with very long lines, with no line terminators	90F880064A42B29CCFF51FE5425BF1A3	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log	data	51A2CBB807F5085530DEC18E45CB8569	7AD88CD3DE5844C7FC269C4500228A630016AB5B	1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG	ASCII text	67F7D28F7D73EF433AE41A396F1A9CDA	0EA54CFC3D5295B207B76E17BEE675E4CE34556C	42762BFCAD362D96AD3CAE6E2E7ACB41C497A3F2157E271628371F39D66455E3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.oldAA (copy)	ASCII text	67F7D28F7D73EF433AE41A396F1A9CDA	0EA54CFC3D5295B207B76E17BEE675E4CE34556C	42762BFCAD362D96AD3CAE6E2E7ACB41C497A3F2157E271628371F39D66455E3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG	ASCII text	33CE15C2E6C45EF3DB4BBDB66732D2A8	730C67779257968FA731BEFFB7B520FBE3DB7652	2C53C7A0E53DC33F02D84E781E0912C16B7BA791FF3D981AB52BD6F635D9C18B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old (copy)	ASCII text	33CE15C2E6C45EF3DB4BBDB66732D2A8	730C67779257968FA731BEFFB7B520FBE3DB7652	2C53C7A0E53DC33F02D84E781E0912C16B7BA791FF3D981AB52BD6F635D9C18B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG	ASCII text	3EFEA8A444A904DA0C76160B86F43004	314D328ABD8D119A4841AD9A9AE3ECB3C24787BF	1E5FE652FB5BE976060182E5B5DB2320F4B8BD3E8D8188D12300F3D0BA2ED56E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.old@= (copy)	ASCII text	3EFEA8A444A904DA0C76160B86F43004	314D328ABD8D119A4841AD9A9AE3ECB3C24787BF	1E5FE652FB5BE976060182E5B5DB2320F4B8BD3E8D8188D12300F3D0BA2ED56E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	SQLite 3.x database, last written using SQLite version 3032001	FCD22DBB9C5F4BD9D9E50E09C8796E54	D55A75E00F977CE778E335FE065320B79C501D3A	57C5583B7C356FB05D34BEEC0D973E4F981086F55F741F90547CC483222FC1B5
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache	data	DDDD800F6449281165D45A016AFE0640	B127E9B646B2E3D8644EE1A277CF88CDFD477CFA	102490AEE41387E01946D90287B57CFADFD8F2CF3F562E494164721B21D9CCD8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal	data	14F87EFBFC8BDFA75A4DFF975396D799	885E6F9608C87A21D4FD884EEBA3BD9EE7594A39	EBF8514669744588476D2D4EC4CAD3928B2EB284A4F3BB890CB5BE8639E57771
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last SessionXP (copy)	data	75A5BCF8C13C6AD591D9CF5B2597A972	0A64F75A145F49C1ADA880B4531B9A3FC6F07AA0	A3F6FD81721B5B264DD8E7BEBDCE3296170E3961E9FAD0EA7F10A5BCC4555255
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Tabsn (copy)	data	0686D6159557E1162D04C44240103333	053E9DB58E20A67D1E158E407094359BF61D0639	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	data	9170CEBF29E8A3A749CC74ECFF27ABC2	8CC1D53A3001E69AB1028AF31F644E7E12D460AF	0FF728D9DBC3FE0853C65AA4AB0003EB71DEE4D2AACC2C14D476299E5C4DC6E2
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG	ASCII text	7835CF502E4AF78EAA679F19C1B6B1E8	C2A219C96AC86C17AAD1B4E54D83E9A222162FEC	07FE48C600982D40C2A4CD1C2599BABE1185EB49A373E4F8482B28968C2E1F4C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old (copy)	ASCII text	7835CF502E4AF78EAA679F19C1B6B1E8	C2A219C96AC86C17AAD1B4E54D83E9A222162FEC	07FE48C600982D40C2A4CD1C2599BABE1185EB49A373E4F8482B28968C2E1F4C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Action Predictor	SQLite 3.x database, last written using SQLite version 3032001	202CCFF78DB732B8309319F32DB9A41D	4CCDD12619DEF739FA8D26051BE4E20F15A2CA10	4B8B7BA395460650EB8586ABB2D4E9A31337C152477F48AA30587C69B492880C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State>. (copy)	ASCII text, with very long lines, with no line terminators	829D5654ADF098AD43036E24C47F2A94	506C8BA397509BA0357787950C538C1879047DF3	4D0B852D18FCA5C1A712904CF6DB3811FB905E86D8A7508A2D42F9C8D68E2211
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State} (copy)	ASCII text, with very long lines, with no line terminators	6E1875BB67886E01015E07478F2E60C8	F20DB61775F6D06B1AFDE45A74CC49404DC84B6F	F8EF8E38DCB37FF81B2EC29A3C021AE0B8289C89E1C9CB4575CCC2D319C40025
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG	ASCII text	72C01B04B6C858E04020B828223BF216	6D177332745EE175D8AA41C25624035B11876F01	2AE3966AE5A870CC75F87A9A6AF53A1B81B2B3D5FA18352E62FCF88551F1AF02
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old (copy)	ASCII text	72C01B04B6C858E04020B828223BF216	6D177332745EE175D8AA41C25624035B11876F01	2AE3966AE5A870CC75F87A9A6AF53A1B81B2B3D5FA18352E62FCF88551F1AF02
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)	ASCII text, with very long lines, with no line terminators	576FA5C0DDBC485B3D6FE2665E1D6F8B	E2803B31191BC817C548E3EB9F7E6F2F70AB89DF	F38FD0EE947580B008A62224506B836F179CE85B95D6B5AC296BC58BCCC3D212
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PreferencesMP (copy)	ASCII text, with very long lines, with no line terminators	B0D6501373AF29CD9EB87C4E74F38F44	C8BAD9321E243A70894D7EF12C3F37C7BE2B70E8	CFE5E180FECC018852C19645D2CFE58AB918881D72307B7EECFB11C8E388BB75
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferencesm (copy)	ASCII text, with very long lines, with no line terminators	47F8D1BC81A5E4B790ED1CC51B6B0781	7E0E6D0624C6A54D7BD3DCFD9EA2C6E80260CC65	54F444DC21EEB7B4F8CBA2D08913EB631D490B009C13ABF7AE29F9FBEE969014
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL	SQLite 3.x database, last written using SQLite version 3032001	EB38FD731D4C76BCA7D5D4B4BE636794	63A40D10BE21BF869C875457B368AF0150323A2D	78405E89131C2A9B51DF15B9A991DD2AC7E664CF5FCC3CEE2EF0401AFF56B05C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.t (copy)	HTML document, ASCII text, with very long lines, with no line terminators	A7E2B8B9A5A8CAC3B14BED5768B8EE76	CBBB268518AAB2204F9B8AE6B128A368DF84BC73	F0DCDA5494B4010782886175605A25FDF69F12EF4A10864DEFE7BFB72BBA6870
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesMP (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	25207712C5DD0F869011ADD368D169D5	85AF22D279B9B89D01AEF27F52B200D15D937BEB	0D94488E5AF4A283E7E00EFFA79B3E2ADEDB9B03277C0887E1239CFBFB2F1112
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log	data	99EB4F3410780D4F7C9F432F5CC23F74	186C87877609C9F2B5F44BBC3F9EECE2E096F842	F6644A9BB1515338C075E4566E5A4862E68CEC526012120AB1269A36C1F2855A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG	ASCII text	72F42F38EC03153D65CC2CD85001D395	B1BF058EF2AC9A54F7DF61F337B117E3736F08C1	DEB898082CC130A4EB267BDD72170723F190B607149EECE823F00FA85BAD843E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old (copy)	ASCII text	72F42F38EC03153D65CC2CD85001D395	B1BF058EF2AC9A54F7DF61F337B117E3736F08C1	DEB898082CC130A4EB267BDD72170723F190B607149EECE823F00FA85BAD843E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG	ASCII text	D66D018C2D73975E3E6B3986DE80BCC1	96936035207832793CBC4D7E4B1208D1F8AA2AD0	E0B0FCE2A56C6DBCEA69209AF416BC9A18393DD5E5EC3894779D32BA42482C90
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old (copy)	ASCII text	D66D018C2D73975E3E6B3986DE80BCC1	96936035207832793CBC4D7E4B1208D1F8AA2AD0	E0B0FCE2A56C6DBCEA69209AF416BC9A18393DD5E5EC3894779D32BA42482C90
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\42dd92ad-78b6-4360-bb35-1ea8c01b7a17.tmp	ASCII text, with very long lines, with no line terminators	0C03D530AC97788D62D27B2802C34D83	20F78B6B32D98FA52846C70DF78E4E5CEF663E2D	7941FADA9867DAAE08EBC196BAFC6952DD506842C3E7D8FB14DF9D4E402D894B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG	ASCII text	77226036F263CA32919D4961AFBC2442	0478755390CF03866B8747728D179AD3F4922050	E8B04F9EDF9DB386A986156BE17D03E3F85E02E05259363C79EB30B4F5C1E0BD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG.old (copy)	ASCII text	77226036F263CA32919D4961AFBC2442	0478755390CF03866B8747728D179AD3F4922050	E8B04F9EDF9DB386A986156BE17D03E3F85E02E05259363C79EB30B4F5C1E0BD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	0C03D530AC97788D62D27B2802C34D83	20F78B6B32D98FA52846C70DF78E4E5CEF663E2D	7941FADA9867DAAE08EBC196BAFC6952DD506842C3E7D8FB14DF9D4E402D894B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG	ASCII text	C9224B7A9F87000E486EB2E56BAC55BD	979F9EDDF9324EA7D667AAD7BC56F7A7A042FE46	9B0A741F661124C42EF378298FA5FDEA8B3F75641EB03F8F1FEEDA216CB16E41
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG.old (copy)	ASCII text	C9224B7A9F87000E486EB2E56BAC55BD	979F9EDDF9324EA7D667AAD7BC56F7A7A042FE46	9B0A741F661124C42EF378298FA5FDEA8B3F75641EB03F8F1FEEDA216CB16E41
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log	data	69449520FD9C139C534E2970342C6BD8	230FE369A09DEF748F8CC23AD70FD19ED8D1B885	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG	ASCII text	02817B2B2D574AB3BB995EB8B21D1CC7	53678962D128FF0D773AABE2031281B0F10743DD	D30EE31FEA744CB693B27CBCFEAC013AC6BDF715F9BFCCC306423C410626760E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG.old.. (copy)	ASCII text	02817B2B2D574AB3BB995EB8B21D1CC7	53678962D128FF0D773AABE2031281B0F10743DD	D30EE31FEA744CB693B27CBCFEAC013AC6BDF715F9BFCCC306423C410626760E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\7090edc0-f3de-41b5-aff6-848ea8b0568c.tmp	ASCII text, with very long lines, with no line terminators	5886A009EB58EE06A16EFD6D1BA9A046	A867B5052F3FBB811693DF8CE3FDAA794F2F2E40	9E3392126DE2D81D019E0AB3E17F20BADD0EC9FBD944BCB7C4DAF449D937D496
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG	ASCII text	6B0033EDFB22F158FDA158BF714B9967	35E028CDDEFC708A8563C94D95876CE809D55889	E60D56C249F6485F5B247B78BE74521556A2F307F6070A8B96A6A110728FCE12
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG.old=" (copy)	ASCII text	6B0033EDFB22F158FDA158BF714B9967	35E028CDDEFC708A8563C94D95876CE809D55889	E60D56C249F6485F5B247B78BE74521556A2F307F6070A8B96A6A110728FCE12
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent StateMP (copy)	ASCII text, with very long lines, with no line terminators	5886A009EB58EE06A16EFD6D1BA9A046	A867B5052F3FBB811693DF8CE3FDAA794F2F2E40	9E3392126DE2D81D019E0AB3E17F20BADD0EC9FBD944BCB7C4DAF449D937D496
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG	ASCII text	C09338702495AB4B4572FFDC4B991C93	6F660DCFEFED1B13ADEAD8C25A7243F48A681D69	A5B643808899A0FDBD66C416D9DE859970040BA36CC1BD31D11016F66688CD10
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG.oldmg (copy)	ASCII text	C09338702495AB4B4572FFDC4B991C93	6F660DCFEFED1B13ADEAD8C25A7243F48A681D69	A5B643808899A0FDBD66C416D9DE859970040BA36CC1BD31D11016F66688CD10
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log	data	69449520FD9C139C534E2970342C6BD8	230FE369A09DEF748F8CC23AD70FD19ED8D1B885	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG	ASCII text	9B07AA5588C69E61D3EEA231F726FAA1	7C094C852A23F70731B50A78CAEE07868F1C412B	BE6F50C286D0C86AED084243B779E57219132B26C9EB71CC0B3940D42C758B47
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG.old/v (copy)	ASCII text	9B07AA5588C69E61D3EEA231F726FAA1	7C094C852A23F70731B50A78CAEE07868F1C412B	BE6F50C286D0C86AED084243B779E57219132B26C9EB71CC0B3940D42C758B47
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log	data	DE92AD90BE6D3364745B2F73F4C3CF73	9158681463BD30E5AF4DDA4BAAC81F93CEDBDA77	0025A3E0D3B834401B3B5F820E1991EF7E810D9A4B8B6B579E6301C94E7031A0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG	ASCII text	5A33BC42507B9B35627F64505946397C	1F65FBFA671C3D6725F4BDB7602753D5CD2EDE6F	49642EFEA3EFA7B5539021CE06C958CEAA4B51B2B9C2AD56BDC62BC6612CDBA2
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old (copy)	ASCII text	5A33BC42507B9B35627F64505946397C	1F65FBFA671C3D6725F4BDB7602753D5CD2EDE6F	49642EFEA3EFA7B5539021CE06C958CEAA4B51B2B9C2AD56BDC62BC6612CDBA2
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links	data	8796631C11CC6D6583B5C4E473052053	DC5D07F7F409AD29C430E2DF50B227BDAE9BDE4E	F9DAF79941BF4FB6358DA06C90461AB0A65740709F61FB58A282862A2F32A34C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b9e9fb22-4518-4ede-ab0c-d72de20bb3bd.tmp	ASCII text, with very long lines, with no line terminators	47F8D1BC81A5E4B790ED1CC51B6B0781	7E0E6D0624C6A54D7BD3DCFD9EA2C6E80260CC65	54F444DC21EEB7B4F8CBA2D08913EB631D490B009C13ABF7AE29F9FBEE969014
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c9e1512e-965d-45fd-b9cb-5d485f0d8073.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp	ASCII text	6752A1D65B201C13B62EA44016EB221F	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)	ASCII text	6752A1D65B201C13B62EA44016EB221F	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG	ASCII text	F4445D944335C21706901F22642B6377	28F6899A4B373B57A3AD4F78DB2A694606C5E545	3B7A248F9BE23A1BF58151226B28C804716724770D19A95DBEB93A1C452E50BB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.olde8 (copy)	ASCII text	F4445D944335C21706901F22642B6377	28F6899A4B373B57A3AD4F78DB2A694606C5E545	3B7A248F9BE23A1BF58151226B28C804716724770D19A95DBEB93A1C452E50BB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004	MPEG-4 LOAS	031D6D1E28FE41A9BDCBD8A21DA92DF1	38CEE81CB035A60A23D6E045E5D72116F2A58683	B51BC53F3C43A5B800A723623C4E56A836367D6E2787C57D71184DF5D24151DA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e951f4ae-f3b5-4921-a78b-e1fd4811a7ce.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	698F2A22101A2F60C49030E11DB2E630	16DD9AB8DC2D06028B671833F15B6625BECC29B7	DCC15301B219C90662127364DF8EB44655C3D80D45F4F0883C629B299BD0D693
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\ed8855d7-f5f6-4553-bf02-d844021857b1.tmp	ASCII text, with very long lines, with no line terminators	829D5654ADF098AD43036E24C47F2A94	506C8BA397509BA0357787950C538C1879047DF3	4D0B852D18FCA5C1A712904CF6DB3811FB905E86D8A7508A2D42F9C8D68E2211
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG	ASCII text	62A1ADF7F50B78A4058AF937EDC44216	B552A1D3D89073C042851D2DDF2F128CAD67ADC8	9373A499FB2764F069C8C3BEA5F2C43B28291A975BAAFD6E3EFC018DAACEA76F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old. (copy)	ASCII text	62A1ADF7F50B78A4058AF937EDC44216	B552A1D3D89073C042851D2DDF2F128CAD67ADC8	9373A499FB2764F069C8C3BEA5F2C43B28291A975BAAFD6E3EFC018DAACEA76F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser	data	DE9EF0C5BCC012A3A1131988DEE272D8	FA9CCBDC969AC9E1474FCE773234B28D50951CD8	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version	ASCII text, with no line terminators	C422F72BA41F662A919ED0B70E5C3289	AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632	02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)	ASCII text, with very long lines, with no line terminators	6861636511C49B57AFB37A801DE1151B	2A5C977702A92EBF9BA66D34FF4A1CBE6389F452	A87DBD5785F297B6967B22FE65BEF7361FE8A69D2077395626847166E39B94C5
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info CacheR. (copy)	SysEx File -	CB85ED8E9D8B8193BD9DD9DB3B5F55D0	A5E9470E6D4DCB20EE26D2EA9427D01CD9C48B7C	98EF9AF2B307C027E8B9561E72B8E20D606287B3093F0E3C69C55669C82B51E7
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cachees (copy)	data	537D2E0C8456A7C9067B43D2E7267978	9670F713A5858F908D69E6BC0A7B72A086E51F63	9C07C84C3E18578D8C110BD7B6BD3461199420F5FACCE4A0399C83D53C83C406
C:\Users\user\AppData\Local\Google\Chrome\User Data\ad0e0cd2-01c0-4694-ba13-292b920362d4.tmp	ASCII text, with very long lines, with no line terminators	979C30BED70FFCE6CC315853EB0DF425	45924288076C6D72350DC832614187EADE5D1421	F13FD2382A7FCAF047278D9A3CA665E86E44B699BA27A16B4FA3B4B690468122
C:\Users\user\AppData\Local\Temp\4520_1780333825\_platform_specific\x86_64\pnacl_public_pnacl_json	ASCII text	35D5F285F255682477F4C50E93299146	FB58813C4D785412F05962CD379434669DE79C2B	5424C7B084EC4C8BA0A9C69683E5EE88C325BA28564112CC941CD22E392D8433
C:\Users\user\AppData\Local\Temp\4520_1780333825\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_for_eh_o	ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped	604FF8F351A88E7A1DBD7C836378AE86	9D8D89AE9F13D6306E619A4EAAD51EDE91A5F9F3	947E64BE43E821562CE894F1AFCC3D09CD7FF614C107FC94250CD3EA5C943302
C:\Users\user\AppData\Local\Temp\4520_1780333825\_platform_specific\x86_64\pnacl_public_x86_64_crtbegin_o	ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped	88C08CD63DE9EA244F70BFC53BBCADF6	8F38A113A66B18BAA02E2C995099CF1145A29DAA	127F903CC986466AA5A13C17DFDD37AC99762F81A794180339069F48986BC7A3
C:\Users\user\AppData\Local\Temp\4520_1780333825\_platform_specific\x86_64\pnacl_public_x86_64_crtend_o	ELF 64-bit LSB relocatable, x86-64, version 1 (SYSV), not stripped	75E79F5DB777862140B04CC6861C84A7	4DB7BDC80206765461AC68CEC03CE28689BBEE0C	74E8885B87ED185E6811C23942FD9BD1FBAC9115768849AF95A9DECF6644B2EA
C:\Users\user\AppData\Local\Temp\4520_1780333825\_platform_specific\x86_64\pnacl_public_x86_64_libcrt_platform_a	current ar archive	0CE951B216FCF76F754C9A845700F042	6F99A259C0C8DAD5AD29EE983D35B6A0835D8555	7A1852EA4BB14A2A623521FA53F41F02F8BA3052046CF1AA0903CFAD0D1E1A7B
C:\Users\user\AppData\Local\Temp\4520_1780333825\_platform_specific\x86_64\pnacl_public_x86_64_libgcc_a	current ar archive	C37CA2EB468E6F05A4E37DF6E6020D0F	EA787E5EADFB488632EC60D8B80B555796FA9FE9	C1483ED423FEE15D86E8B5D698B2CDAB89186CE7FF9C4E3D5F3F961FD80D7C6E
C:\Users\user\AppData\Local\Temp\4520_1780333825\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_a	current ar archive	4E8BEDA73EB7BD99528BF62B7835A3FA	DC0F263A7B2A649D11FF7B56FE9CFAC44F946036	6B835FD48DF505EB336FF6518CE7B93BB0ED854DADAA5C1EEED48D420291F62C
C:\Users\user\AppData\Local\Temp\4520_1780333825\_platform_specific\x86_64\pnacl_public_x86_64_libpnacl_irt_shim_dummy_a	current ar archive	F950F89D06C45E63CE9862BE59E937C9	9CFAD34139CC428CE0C07A869C15B71A9632365D	945B1C8A1666CBF05E8B8941B70D9D044BAAFB59B006F728F8995072DE7C4C40
C:\Users\user\AppData\Local\Temp\4520_1780333825\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_llc_nexe	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=309d6d3d463e6b1b0690f39eb226b1e4c469b2ce, stripped	9B159191C29E766EBBF799FA951C581B	D1D4BBC63AB5FC1E4A54EB7B82095A6F2CE535EE	2F4A3A0730142C5EE4FA2C05D27A5DEFC18886A382D45F5DB254B61B28ED642B
C:\Users\user\AppData\Local\Temp\4520_1780333825\_platform_specific\x86_64\pnacl_public_x86_64_pnacl_sz_nexe	ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, BuildID[sha1]=4b15de4ab227d5e46213978b8518d53c53ce1db9, stripped	9DC3172630E525854B232FF71499D77C	0082C58EDCE3769E90DB48E7C26090CE706AD434	6AA1DA6C264E0AF4E32A004F4076C7557C6AC6D9C38B0C5DE97302D83FA248C3
C:\Users\user\AppData\Local\Temp\56557854-4bcb-4305-a0a9-9c10df71e78a.tmp	Google Chrome extension, version 3	A11D5CAF6BF849AEB84B0C95B1C3B7CF	27F410CCBD75852C01C7464A1FD7EF8C29BE3916	D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
C:\Users\user\AppData\Local\Temp\browser-sslkeys.log	ASCII text	4395DFE46EF345C533041C93F3BCF436	37827A4A1C09C829395039D6CE7A48EAC2128B24	DD198A8A5E67BBFEE0BF78AC2F0C9A2C10347791BE19BAA1BF8A796AB47ED260
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\56557854-4bcb-4305-a0a9-9c10df71e78a.tmp	Google Chrome extension, version 3	A11D5CAF6BF849AEB84B0C95B1C3B7CF	27F410CCBD75852C01C7464A1FD7EF8C29BE3916	D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\am\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	26330929DF0ED4E86F06C00C03F07CE3	478F3B7E7A7E007BEE182B89C2EF6FFE6045E92C	621B5139ED199022BB6529AF18ED4DC312AE9F3E90ECAF3B2C9E1D12114F5B22
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\ar\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	44325A88063573A4C77F6EF943B0FC3E	78908D766F3E7A0E4545E7BD823C8ED47C7164EB	67A439A08804EF4BEF261BDBADD8F0FEFD51729167D01EDCA99DD4AF57D6108B
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	6911CE87E8C47223F33BEF9488272E40	980398F076BB7D451B18D7FDE2DE09041B1F55AD	273DEF0F67F0FA080802B85EF6F334DE50A19408F46BDF41F0F099B1F5501EEA
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\bn\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	F9DDF525C07251282A3BFFCEE9A09ABB	A343A078E804AF400A8F3E1891E3390DA754A5CD	C69C6C90F7EB8F10685CD815AF1F6F1B87CF30C4E8D95DF1D577DE1105AAD227
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	A90CF7930E7C3BEC61EE252DEFAD574A	F630CA01114A7BDD39607CB84B8280CCE218A5C6	A533740E17559E2ADF40B4555C60F21EEC84E92C09CDBC19EED033A0B4DD2474
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\cs\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	17E753EE877FDED25886D5F7925CA652	8E4EC969777CC0CEB7C12D0C1B9D87EBBB9C4678	C562FCCFCE374D446BFAC30AC9B18FF17E7A3EF101C919FF857104917F300382
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\da\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	F08A313C78454109B629B37521959B33	3D585D52EC8B4399F66D4BE88CED10F4A034FCCC	23BF7E5EDF70291CA6D8F4A64788C5B86379EECB628E3DFA7DD83344612F7564
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\de\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	980FB419ED6ED94AD75686AFFB4E4C2E	871BFBCA6BCBA9197811883A93C50C0716562D57	585C7814AFD2453232BC940252D4AE821D6E6CBCFD74A793F78E5DB8BA5342F1
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\el\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	40EB778339005A24FF9DA775D56E02B7	B00561CC7020F7FE717B5F692884253C689A7C61	F56BF7C171AA20038EE30B754478B69A98F3014C89362779B0A8788C7B9BEEE1
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\en\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8351AF4EA9BDD9C09019BC85D25B0016	F6EC1FFD291C8632758E01C9EE837B1AD18D4DCF	F41C82D8A4F0E9B645656D630C882BE94A0FB7F8CEC0FE864B57298F0312B212
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\es\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8A70C18BB1090AA4D500DE9E8E4A00EF	8AFC097FA956C1317DB0835348B2DA19F0789669	FF173D1CEF665B1234E02F11070ABD2B65230318150734579A03C7F31B4AE3F4
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\et\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	A62F12BCBA6D2C579212CA2FF90F8266	F7E964A2D9BBDA364252BCE5CFBA3FD34FDD825E	3EB3EB0B3B4A8E5A477D1B3C3A3891CCC7DC6B8879ECE243A7BD7C478068273D
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\fa\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	852BD3CFF960F1BC3A2AAB3CB3874EF9	C9F6F3C776542889FE3B67971D65ACFE048A3A0A	D87597B6C10364501B98AA42524843F109009CCEF022D8E0170440D7F144F4C6
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\fi\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	3902581B6170D0CEA9B1ECF6CC82D669	C8208AC2B1DD6D4F8BDAAE01C8BD71FFFA5A732B	D2A8180225A83A423BB6E17343DFA8F636D517154944002ED9240411B8C0C5E1
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\fil\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	59483AD798347B291363327D446FA107	C069F29BB68FA7BA2631B0BF5BBF313346AC6736	DD47530EAE96346CD4DC3267A0BB1091BB17B704803A93CDA2E3E81551B94F12
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\fr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	9B416146FE4F1403C2AACAC4DCF1A5C3	616F055C9FAD4CE972DF82EC8A9B2F4EDA3E7FAD	7C7F5758F54008190ACCDDBD1761CBD980FB5FE0847E992874498228D2571DBC
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\gu\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	68B03519786F71A426BAC24DECA2DD52	B8E6608932EC5CEC4BC3C5475BFC3E312D2E2E7D	C77A4D27E9E6CA25B9290056D93A656E3EBE975957E4C2EE9F0FB11B133D5CD4
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\hi\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	20C86E04B1833EA7F21C07361061420A	617C0D70E162CF380005E9780B61F650B7A39F9B	C2C27CA242DBDE600BA3AA7782156BC2B190A64D8A1B51EDC8007BDECA139553
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\hr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	3ED90E66789927D80B42346BB431431E	2B061E3271DF4255B1FFC47BDB207CDEC0D9724F	0B41E3C42414F72C9A12C05F8772597F9685115366A774C66018467AD4B71A74
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\hu\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8E9FF7E49473C5734A2F6F0812E12EB3	A4F10DDD1580582533D5EB59EDF6D8048F887C81	6CDD2FB39ADECE00E88B989E464B05ED1414092D0492F6D0AE58D549BFD1A46A
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\id\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	7ADF9F2048944821F93879336EB61A78	C3DA74FB544684D5B250767BB0CB66FFB7C58963	3630947E1075E3663AD3E4824D0BE42CB47C0D615D8053E83B9595047C8BA9BE
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\it\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	BB3041A2B485B900F623E57459AE698A	502F5EA89F9FB0287E864B240EA39889D72053A4	025737EF8FA06706B3F26D0F52B4844244A6D33DAE1D82FEF2931A14C003D57E
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\iw\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	A991BEF47A83913A1E0EF06007D09198	80BA1E8FC3E9BE8A34F73E78CED8313E54F9CC96	0F95D8BF550F14B2B704CE42911F5BD23FA9FE28D0D301F66628848B27C760CB
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\ja\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	6F2CC1A6B258DF45F519BA24149FABDC	8A58C7880C6D22765DCBB6BCE22A192C1B109AE1	42ECFEE727CFC4F2845FEFDACE5EDC2E0A40AFAD69973A3B950CE653A7633342
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\kn\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	2E3239FC277287810BC88D93A6691B09	FC5D585DA00ADC90BF79109C7377BD55E6653569	5FC705AD19761204D8604EA069936A23731B055D51E7836CAAF16AC7719FBEEA
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\ko\messages.json	UTF-8 Unicode text, with CRLF line terminators	E303CD63AD00EB3154431DED78E871C4	3B1E5B8E2CF5EBDF5D33656EF80A46563F751783	FDE602BFDB1AFD282682DA5338C4F91D8A2F6CB5411DB8F62F4583D629CE67A6
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\lt\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	93BBBE82F024FBCB7FB18E203F253429	83F4D80F64FA2ADCE6C515C5F663BD38A76C51DB	E7A8570922CCC4F2CA3721C4E61F426158C4E7BC90274FBC8BE4040FF8B6CA9B
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\lv\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	388590CE5E144AE5467FD6585073BD11	61228673A400A98D5834389C06127589F19D3A30	05CA14196CA5D90B228C0F03684E03EBE403A3E7B513AE0A059244AE12B51164
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\ml\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	2AF93901DE80CA49DA869188BCDA9495	E60DF4F2FB12BD3F1CA869DAD9F6BDE0C17CEB11	329E80AEE1212F634E180DEF7E16D6E38D9C9FDA9AC9DB1D99B8AE1626EF304E
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\mr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	659F5B4ACA112D3ECBB6EC1613DDE824	5DEE35FCD260554999F8DDEC489FBA9F81FA8EEE	C8B765E7A07578BC078A952E151E3B866506959E15E79E9E5E1DBB98F9C4008F
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\ms\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	09D75141E0D80FBD3E9E92CE843DA986	B24EAB4B1242C31B69514D77BC1DB36A3F648F40	8F1DBDEFD910AD88BEEC7956619CDB34391D6E69254C3A7497E8F87134AE8B5C
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\nb\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	ED99169537909291BCC1ED1EA7BB63F0	5F72D51B6DBE8C622EF33D2B2AEBD7E9E20DAFB3	65B6598225ADA1E14EE9CB76CA863708E8F9EE0724B4EDC8F9508532BD631BAB
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\nl\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	E9236F0B36764D22EEC86B717602241E	DE82B804B18933907095DEF3F2EF164C1BB5F9B6	300F4F7C45EBE39EAAF40776C28D0A399A710699AAB58E9A8D43A6FD2DD00376
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\pl\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8254020C39A5F6C1716639CC530BB0D6	A97A70427581ADA902CA73C898825F7B4B4FAC8F	2F4E4FC6AEB4A8E7F0E0DCE220D66E763F4EBF1FA79985834D636C6692FEA3E8
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\pt\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	FABD5D64267F0E6D7BE6983AB8704F8C	D4DAAD0FF5C461C51E6C1FD22B86AFC5B13E123F	D82DCA262FF005668B252B478DEDAAC4A5C1E417AF9DE57C22F169A6680183AE
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\ro\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	75E16A8FB75A9A168CFF86388F190C99	C27CE4C1DB3DF2D232925C73DC9AC1FA24DAD396	9C4716FF42A730F1E7725F0D9E703F311E79FDA31F85B4BB0B8863FC3C27AB9D
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\ru\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	64CCF079C1C65FC8A0CBEAD96D23EE0D	9B2B713D8762807C40E11AAE66DDD7DC31A89439	6C0AB716F771E8B4EE8BF1CCE465D293B356BC17E33F4C771B6C5AC1F53B4ECC
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\sk\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	17C19E58D06702D8482EB75756375260	DA1402C3D88C2BD9E032AF28E8D1306F4CC7FE92	D16A184043487CAEC1C25A2044D7D238FE08C39A7E6313B775A06E7CC02CF445
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\sl\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	8947A99339745BEBE875C1D09CE3597F	D52A93EADD08F2DB1E59589FA1AE9EA2F7760606	02D7AADC3162933823530A6BB46DC0DA8924307860A5A4A01BA6C1B7EA56B018
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\sr\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	86DFB9D8EFF6C33BCB883CE175C94C79	66A275F0F82B64A0ED1D5F78AABADAADD8726D6C	BCD98A88E6853175E06297BD719823F99879116D4ADB5938B367A40BC0BF6B6E
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\sv\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	9E7C2BF4FB8AB80ECF05F8D469CDC32A	9E064AF3838D57CCA142D06EC5318EF89E7CD3B8	AABE287EBD6AC99D9F1377D5BE8E9F767ADEED694C7FC3FEB3A78B06E256B469
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\sw\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	A7E2B8B9A5A8CAC3B14BED5768B8EE76	CBBB268518AAB2204F9B8AE6B128A368DF84BC73	F0DCDA5494B4010782886175605A25FDF69F12EF4A10864DEFE7BFB72BBA6870
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\ta\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	45058B19A7F2D5D7939E51C29A57AD24	136EE9760A2B2634279DC50461BEDB50675C5E63	3078BD25F7E2AADF8DDE63ED3D820C34FC251540A8F0B69E6A0A4C7C6AE44DB6
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\te\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	96922473D33251150385CC007F536636	AE0C88ADF60314226DBD314330D577E3859EFBFB	ED30B0E27E858F24757A1A01FC15D93A7C40987F54EF39820CA0FEE162B60EAE
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\th\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	9F1866A31232210A642F0B6681BFAFC5	C60E427AAFEA10E22349779402F895258DE163E2	F2ACE8657171629CE8BDD15CDB5A3D643A76D043DEEB5205F7D30ABE7562B1D7
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\tr\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	F91A300AE44C30F8C39C32F6798842FF	DEAA63D0ECD628CD207FFC2CD252405E17D75BB7	26BBC210F38EA9590C0AE2F767E692834E773ED64080D6DE9E66215998793D51
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\uk\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	B054CC87C4BC02DC892DE2BCA8A7E100	9F57EAF23B27C1CD016023C61A26143B167BE26A	781CDEBF1CA0AAED2680836596BAA771F02ECEA0853125B9922A0CCAC147574D
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\vi\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	78A4D7E2B07909AEFAD17E607B7ADC21	D5EA51A6378F02CBD6137E180439D8F545A70D39	4736C87E7BE6D549BE204302315838FB706E587DBE32C0597EA97888DAF5EC1B
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\zh\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	31D6B8544771F4560F2B617BB8CEF415	A643BE5BA1011F2BD0A71731FA871676F6CE880A	34EB2A6E5F34B868BA45923A7133DB64BA61D825B13D5D40671E757F10F106BD
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_locales\zh_TW\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	FB7BBDE833B0D8144AF573F1D28C8FAA	EA6749BA251D44AFE6E44EBD99B5CC3EAD7359FB	88508A3E179B2AFE6235B61AA869E65D97771B789BA937FD8F91D1AD939E690F
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	934A5882214683DEDF130E1C7E513AFD	4CB84A956148E8F3739681546850996741FDF421	D87B0B61750D36CEE2647B59213BAAC8B046C9A929C396CAF36F61AF95939F63
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\angular.js	ASCII text, with very long lines	FCE26058E60BD1CF870623C640481A4F	F95B53ABA83D9F2B1206D79020887D8EF019B737	A9B552276ED7342DC92C240F98C68433E7C711436E285A88E0DE9520F3640925
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\background_script.js	ASCII text, with very long lines	47D5838CF5DB13E4E7EF71EC5FC940A1	6AAE6A72DADCD30F0C8D3095E90468996B59ABB7	E0F0E47CDFE7C7D6E6BB63A789D7C20B05AB8B3F6ADFDF07D08793437F2CCD42
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\cast_sender.js	ASCII text, with very long lines	BBEA05A7844E45C1CF7B7479506DBB0F	4E421EE2CE22E9E10D7CD9BBC0F9FD38C71716FA	BB77A95786B01BD9D9A0F96B6AEA759E4B4C7CF9275E6B11C819D3BEA867CD8B
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\common.js	ASCII text, with very long lines	B6B210313827B63A322E102627320835	03D4A5DDF7E68F51B73E5C5C1D852D5F50611B8D	35AD6DB342342660ECE38A8967145228E1458ADDDE750ED4F1DDE6A17F351A15
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\feedback.css	ASCII text	D8EE20737329319BFA1ACBB0E6C219A6	D24118D81990E1316CA809669ECB603724C6E7E2	A582FC20DBCAD1918000B690EB8F237EC14E5B836FD7F799C35702D88DBE6862
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\feedback.html	HTML document, ASCII text	0EFADA4B2A95CC2D4AE00F794759D763	FEC3BB7837BE805955601F8C211DC5BE1F16535D	8CB99506A2ED9BCC6E1A66E0F218524C91304B3EBFCA113D0FECBB3D80078D0D
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\feedback_script.js	ASCII text, with very long lines	26F3B1FE17AD7EA58FEB76414A2A9F61	00460DF77358708E951BCD745B388B49D81B7D30	56686B8D4F0A467D52EA03F503B6F8387742E9F8F3A90AD75C11BC9E3FF243D7
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\manifest.json	ASCII text, with very long lines, with CRLF line terminators	F76238944C3D189174DD74989CF1C0C6	85CE141EC8867B699668A5F5A48F404C84FCEB04	2EF48A1CF322DE356E8844DD2FD3431E8E7ACD04770649B6507EACA5ABDB53A7
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\material_css_min.css	ASCII text, with very long lines	76EAA4368ED0E83F45B725727414D0E2	CB3ABE758DD77E0AC48F9C9D23DB386E9E52E42E	3F94B4F2DDAE805F4863FE751B138CB77B24893E3EDE6822E72F0EE4624CD155
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\mirroring_cast_streaming.js	ASCII text, with very long lines	3B822402369E38423E0196F38666E4FF	46003805834146270C8CDD8DD3DC586B96F07962	E8A4514D5075DBF8D262D601E0BE56D2B9372E70E5F5FB8C6132DEC4D19F9C81
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\mirroring_common.js	ASCII text, with very long lines	654360FF7FDFFE33D5A6ACFBF724A756	5A6A3F657FDC63FA603EE25F98FD6EB75BBBFCD7	27116F53D9BF90CA864D92E03CD6DBD3346952109EBF7E4CBF4DD54555D4E92F
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\mirroring_hangouts.js	ASCII text, with very long lines	6F0D3D6150756440E05FCAB694D5AEEF	E1F15F2E825E41185EAEC2A2EC58A5832E28D50D	4FB517A0225506801DD60245B833914A99C78C2E929821BDA9072134EEB3C6E0
C:\Users\user\AppData\Local\Temp\scoped_dir4520_1079500869\CRX_INSTALL\mirroring_webrtc.js	ASCII text, with very long lines	D8C34BAD4274AD0795779A88CC53F14E	2E9F20B48CACF79627B231A42561198F369D9D34	7CF60CF47D4A4D56541E039BF74C10FBE945A6430AD7663C9F7595BFDDC801C8
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with CRLF line terminators	6F8E288A9AD5B1ED8633B430E2B4D4CA	F671D3D4BEFA431D1946D706F4192D44E29B6F08	A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with CRLF line terminators	1FDAFC926391BD580B655FBAF46ED260	C95743C3F43B2B099FEBEBC5BD850F0C20E820AC	C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\cs\messages.json	UTF-8 Unicode text, with CRLF line terminators	76DEC64ED1556180B452A13C83171883	CFB1E56FD587BCDC459C1D9A683B71F9849058F9	32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\da\messages.json	UTF-8 Unicode text, with CRLF line terminators	238B97A36E411E42FF37CEFAF2927ED1	4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0	4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\de\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B3E916E8C1991AA0453CBA00FEDCAAA	D6366D15912E40CA107FD42BFE9579C3336A51F9	A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\el\messages.json	UTF-8 Unicode text, with CRLF line terminators	05C437A322C1148B5F78B2F341339147	AB53003A678E44A170E73711FBD9949833BBF3AA	A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\en\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\en_GB\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\es\messages.json	UTF-8 Unicode text, with CRLF line terminators	82719BD3999AD66193A9B0BB525F97CD	41194D511F1ACC16C1CA828AC81C18C8C6B47287	4DB9B2721E625C18B9E05C04B31AF5D9694712F1CAAF6219ABE34BB08E5DB1C7
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\es_419\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B2583D8D1C147E36A69A88009CBEBC7	4D4DEEB4BE6AA0181825F3371A761ABC5B4D5937	6659BC3705311D7641A73995DCFEA80C7734F2F4EBBC3787B3892A240348324F
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\et\messages.json	UTF-8 Unicode text, with CRLF line terminators	CFF6CB76EC724B17C1BC920726CB35A7	14ED068251D65A840F00C05409D705259D329FFC	C85800BF45942FCC7FD6B1DF929C25F9CC2A977A6678966BD03D4B6B69889AFD
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\fi\messages.json	UTF-8 Unicode text, with CRLF line terminators	3A01FEE829445C482D1721FF63153D16	F3EAAADDC03F943FC88B30B67F534AA13E3336DD	0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\fil\messages.json	ASCII text, with CRLF line terminators	57AF5B654270A945BDA8053A83353A06	EEEF7A4F869F97CF471A05D345E74F982D15E167	EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\fr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8D11C90F44A6585B57B933AB38D1FFF8	3F9D44EA8807069A32AACA2AAAD02FD892E6CC90	599491F8C52B945C16C441ADF45BFD45AFAE046DA07757D97C56AF4DE75ED3B5
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\hi\messages.json	UTF-8 Unicode text, with CRLF line terminators	E376D757C8FD66AC70A7D2D49760B94E	1525C5B1312D409604F097768503298EC440CC4D	8106D98C4F8DA16DB698444409558E29CC96735E188BFA303C333A5D99231C1D
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\hr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8185D0490C86363602A137F9A261CC50	5BD933B874441CEACB9201CCC941FF67BAED6DC0	A2B2EC359A9DD9DCCCE02859CE1E738BD30FAA4A05F1DC522893FFDF722BBC15
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\hu\messages.json	UTF-8 Unicode text, with CRLF line terminators	85609CF8623582A8376C206556ED2131	1E16EB70DB5E59BB684866FF3E3925C2DEF25A12	32A249749F12ADB6A220BF9ADC272C7E5D9AD5497A38B0086D961E3ABA17FBC6
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\id\messages.json	ASCII text, with CRLF line terminators	EAB2B946D1232AB98137E760954003AA	60BDC2937905B311D2C9844DF2D639D7AC9F7F67	C6E8800450602DE0F39FE9F6854472383813FB454B08ABAE7E25A9167CE004C3
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\it\messages.json	UTF-8 Unicode text, with CRLF line terminators	A328EEF5E841E0C72D3CD7366899C5C8	2851ED658385804E87911643F5A4200B1FB26E13	CD891C45F7586FB4A2514205A11F260E4A6D4482FA03D901909DD9F57BE0536D
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\ja\messages.json	UTF-8 Unicode text, with CRLF line terminators	9B3A5D473C3F2BBFAEECE94A07A940B8	61BACA342CF766BBA15C7B4D892A0E7DAC9405AA	706312A4A2AEF3317223F141EB2B82685345B7EED444F16BB4DF3A272716DA1F
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\ko\messages.json	UTF-8 Unicode text, with CRLF line terminators	9F6B4D82A70C74CA751E2EAE70FAB5CF	0534F125FFCE8222277CF2BE3401C59DAF9217F8	D1467B8D037114403E8F4EFC52E88C4A7FEB96126BE4CFF883FEFF1084EF7E68
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\lt\messages.json	UTF-8 Unicode text, with CRLF line terminators	4CA644F875606986A9898D04BDAE3EA5	722A10569E93975129D67FBDB75B537D9D622AD1	7C311AB751D840D750C11553C083785813E079C1D464FE568A98C9E3EF3DB96C
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\lv\messages.json	UTF-8 Unicode text, with CRLF line terminators	C5CE2C51391EAFD3DA9E4C71549A3C28	1F67FF6EF6E90C0CE3AAF56ED543A3EFD381574D	1FA1DF2CA8516DEF490FB8484E9AA498ACFF80EEF5C9258FFE42D3678E6C7DED
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\nb\messages.json	UTF-8 Unicode text, with CRLF line terminators	93C459A23BC6953FF744C35920CD2AF9	162F884972103A08ADB616A7EB3598431A2924C5	2CD700AEB57D89C2E73333D0702556EE3FF3863516170F85669BC680FCBDC4E0
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\nl\messages.json	ASCII text, with CRLF line terminators	7A8F9D0249C680F64DEC7650A432BD57	53477198AEE389F6580921B4876719B400A23CA1	92BE7C2DC9CFBE5A65E9CE6488D364C8D7EC19E7B67A31E4D43C1CB2B169671C
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\pl\messages.json	UTF-8 Unicode text, with CRLF line terminators	0E6194126AFCCD1E3098D276A7400175	E8127B905A640B1C46362FA6E1127BE172F4A40F	E2699F98C511B18A2AFB82EAE9A4804B646C4FF1077D80E77C17A3943A6373C2
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\pt_BR\messages.json	UTF-8 Unicode text, with CRLF line terminators	86A2B91FA18B867209024C522ED665D5	63DEC245637818C76655E01FCB6D59784BC7184E	6374880FDD1F8AF1EE8AEA6A06B73BE0AB265AFCEB4FE6F08BDE3B3989264B21
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\pt_PT\messages.json	UTF-8 Unicode text, with CRLF line terminators	750A4800EDB93FBE56495963F9FB3B94	8BFB915488A4EB3CB33D68E2E59F1F8447DB7D61	C1C94F65FABAF17DEF98A8587711A56D61B1E5607500E9B01F2824DB109F9E83
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\ro\messages.json	UTF-8 Unicode text, with CRLF line terminators	98D43E4B1054A65DF3FA3CC40AB6FB6D	46E0A21C4DA2BB5D4D8F837AE211C1B6FA26E7E2	113A13900CBA62FE8AED06751971C23A80A99B47F9BE219CF884D57DB19611D9
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\ru\messages.json	UTF-8 Unicode text, with CRLF line terminators	DB2EDF1465946C06BD95C71A1E13AE64	FB4F3ECE9ECECEBBC6CA2A592A15FB9C1FDFB811	FBAF22CE6E16DE174CED8CB5EA3098CCA1C3426A2111FF33BD3E64DA64ED67AB
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\sk\messages.json	UTF-8 Unicode text, with CRLF line terminators	8DF215D1EFBDABB175CCDD68ED8DCB0A	2B374462137A38589A73FDD00A84CBDC7E50F9F4	7FA16AF97E6CFC52EC6008EB679D3F30E7E0C24F9EF2D18A9228EAF4DED9D63B
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\sl\messages.json	UTF-8 Unicode text, with CRLF line terminators	3943FA2A647AECEDFD685408B27139EE	0129DD19D28373359530B3B477FE8A9279DABB7D	18AFF072EE0DF7C3495045435C752A805606E6D5D462EF2321C443F1773F4B3A
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\sr\messages.json	UTF-8 Unicode text, with CRLF line terminators	D485DF17F085B6A37125694F85646FD0	24D51D8642CDC6EFD5D8D7A4430232D8CDE25108	7FFDE34C58E7C376C042DE64DEF6481DAE32BE8B70F0B18EDF536290CBE0C818
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\sv\messages.json	UTF-8 Unicode text, with CRLF line terminators	D372B8204EB743E16F45C7CBD3CAAF37	C96C57219D292B01016B37DCF82E7C79AD0DD1E8	B8BA77E0089B0676545EC16D32468B727812B444F90B33A7A5B748E6C36C4388
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\th\messages.json	UTF-8 Unicode text, with CRLF line terminators	83E2D1E97791A4B2C5C69926EFB629C9	429600425CB0F196DDD717F940E94DBD8BFF2837	2FECA577F43D97BAEEA464741D585892103585208FD0A935B810A03BDCE83C88
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\tr\messages.json	UTF-8 Unicode text, with CRLF line terminators	2CEAE0567B6BB1D240BBAD690A98CA3B	5944346FBD4A0797B13223895995CAB58E9ECD23	A7CB86F30C9C31FE5540282C308BA96ADB4EC16EF98C87129EB88105E5BEF5FC
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\uk\messages.json	UTF-8 Unicode text, with CRLF line terminators	AB0B56120E6B38C42CC3612BE948EF50	8B3F520E5713D9F116D68E71DAEED1F6E8D74629	68ABA284751EB9C856032062EF9B1651E2A1E5CE5FDA0977FFC97D63BA7BED9E
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\vi\messages.json	UTF-8 Unicode text, with CRLF line terminators	7EBB677FEAD8557D3676505225A7249A	F161B4B6001AEAEAB246FF8987F4D992B48D47BE	051F96ED874C11C4A13589B5F68964E4F5B03B52DDA223D56524F2CA23760C04
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\zh_CN\messages.json	UTF-8 Unicode text, with CRLF line terminators	BB73BF561BB79F89D9BF7C67C5AE5C65	2FADD3A1959B29C44830033A35C637D0311A8C9C	D804F2A040D21D7511EFD5213D8E1721D64964A1A0DBB48E21622CEEDC9D967E
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_locales\zh_TW\messages.json	UTF-8 Unicode text, with CRLF line terminators	5FF50C673CC0C661D615F0CFD0E6DCA0	60DFF98DEAB9C4746B288BDD9C94B3BCAE5EAA85	C6F8C640F3353A7B9B1432A0C139C1AEEC40133800E6C9B467B63991AD660308
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	0834821960CB5C6E9D477AEF649CB2E4	7D25F027D7CEE9E94E9CBDEE1F9220C8D20A1588	52A24FA2FB3BCB18D9D8571AE385C4A830FF98CE4C18384D40A84EA7F6BA7F69
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\craw_background.js	ASCII text, with very long lines	6EEBED29E6A6301E92A9B8B347807F5F	65DFB69B650560551110B33DCBA50B25E5B876DE	04CD9494B0ED83924DAD12202630B20D053D9E2819C8E826A386C814CC0A1697
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\craw_window.js	ASCII text, with very long lines	1709B6F00A136241185161AA3DF46A06	33DA7D262FFED1A5C2D85B7390E9DBC830CBE494	5721A4B3F8E09C869A629EFFD350B51C9D46F0AC136717D4DB6265C0EE6F9AC8
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\css\craw_window.css	ASCII text	67BF9AABE17541852F9DDFF8245096CD	A4AC74DD258E8E0689034FAA1B15A5C7C56DC3BB	10DFBD2D98950B79EE12F6B8E3885AABE31543048DE56AD4FC0A5E34D0D9D4EC
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\html\craw_window.html	HTML document, ASCII text	34A839BC40DEBC746BBD181D9EF9310C	8B4EAA74D31EED5B0BABA3CA5460201F6B10DA46	BB8742615E4CD996AE5D0200E443AE6A6F0B473255F03AFFDB8FB4660DE4554D
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\images\flapper.gif	GIF image data, version 89a, 30 x 30	398ABB308EEBC355DA70BCE907B22E29	CFFB77B8A1724B8F81D98C6D6AD0071D10162252	2B73533F47A99FFEA9CC405FFAFA9C4C53623F62487AEBFBA415945120B22040
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\images\icon_128.png	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	4DBC9F9E6F5A08D299BAC9E54DF07694	BB38F5DE34B1E0BE1109220BA55271087A4D9EA5	91C2718DD23B4356D71F88F6146868369033291086DF327534546DFA459BEB0E
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\images\icon_16.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	FB9C46EA81AD3E456D90D58697C12C06	5FC450F7D73CCFAC8F0D818CB3392BA4D91B69DE	016CA659BA080E194FBFC0929602B16506ED60AA6019FAA51410C4FD93B583E8
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\images\topbar_floating_button.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	8803665A6328D23CC1014A7B0E9BE295	9DA6EE729D5A6E9F30658B8EC954710F107A641F	D5F9234DC36E7FFA85F35B2359A4F82276F8395EFA76E4553507EA990B27FC6C
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\images\topbar_floating_button_close.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	0599DFD9107C7647F27E69331B0A7D75	3198C0A5F34DB67F91A0035DBC297354CBC95525	131817CD9311C03DF22D769DD2AD7FA2E6E9558863A89F7E5E1657424031A937
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\images\topbar_floating_button_hover.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	7CB6B9DC1A30F63B8BD976924B75AD96	0C40B0C496D2F2B5F2021C117EC8610AC03AB469	721B7AAA9A42A54A349881615A12E3A26983ACA48E173FD2F66E66AA0D725735
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\images\topbar_floating_button_maximize.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	232CE72808B60CBE0F4FA788A76523DF	721A9C98C835D2CD734153BBE07833C6637ECD68	AFA4EA944CBDEC8543242E627EF46D5BFD3766DCAC664E7E50CDEEF2B352740C
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\images\topbar_floating_button_pressed.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	E0862317407F2D54C85E12945799413B	FA557F8F761A04C41C9A4BA81994E43C6C275DBB	5C10CE0589EB115600F77381130B70AE0B7B3752614D86D4C89E857658AA222B
C:\Users\user\AppData\Local\Temp\scoped_dir4520_671785993\CRX_INSTALL\manifest.json	ASCII text, with CRLF line terminators	01334FB9D092AF2AA46C4185E405C627	47AD3C0E82362FFE5B881DF8D71D6F79AB7F5796	F52714812D68C577A445169D11E84DF6751C2D6886BC429643072BB5D61C6C27

ID:	502282
Product:	CloudBasic
Start time:	19:12:08
Start date:	13.10.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Windows Analysis Report https://insurance.insuretym.com/wp-include/reports/genWeb/?email=andy@candies-twentytwo.io

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing:

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs