Windows Analysis Report https:////main.dypuej5ogfl2b.amplifyapp.com/

Overview

General Information

Sample URL:	https:////main.dypuej5ogfl2b.amplifyapp.com/
Analysis ID:	510515
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

Antivirus detection for URL or domain

Invalid 'forgot password' link found

HTML body contains low number of good links

No HTML title found

Classification

Signatures

AV Detection:

Antivirus detection for URL or domain

Source: https://main.dypuej5ogfl2b.amplifyapp.com/	SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://main.dypuej5ogfl2b.amplifyapp.com/M	Avira URL Cloud: Label: phishing
Source: https://main.dypuej5ogfl2b.amplifyapp.com/images/logo.png	Avira URL Cloud: Label: phishing
Source: https://main.dypuej5ogfl2b.amplifyapp.com/css/font-awesome.min.cssy	Avira URL Cloud: Label: phishing
Source: https://main.dypuej5ogfl2b.amplifyapp.com/css/font-awesome.min.css	Avira URL Cloud: Label: phishing
Source: https://main.dypuej5ogfl2b.amplifyapp.com/css/hover.css9	Avira URL Cloud: Label: phishing
Source: https://main.dypuej5ogfl2b.amplifyapp.com/css/hover.css/	Avira URL Cloud: Label: phishing
Source: https://main.dypuej5ogfl2b.amplifyapp.com/css/hover.css	Avira URL Cloud: Label: phishing
Source: https://main.dypuej5ogfl2b.amplifyapp.com/#	Avira URL Cloud: Label: phishing
Source: https://main.dypuej5ogfl2b.amplifyapp.com/css/bootstrap.min.css	Avira URL Cloud: Label: phishing
Source: https://main.dypuej5ogfl2b.amplifyapp.com/2	Avira URL Cloud: Label: phishing

Phishing:

Yara detected HtmlPhish10

Source: Yara match	File source: 44581.0.pages.csv, type: HTML
Source: Yara match	File source: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3, type: DROPPED

Invalid 'forgot password' link found

Source: https://main.dypuej5ogfl2b.amplifyapp.com/	HTTP Parser: Invalid link: Forgot Password?
Source: https://main.dypuej5ogfl2b.amplifyapp.com/	HTTP Parser: Invalid link: Forgot Password?

HTML body contains low number of good links

Source: https://main.dypuej5ogfl2b.amplifyapp.com/	HTTP Parser: Number of links: 0
Source: https://main.dypuej5ogfl2b.amplifyapp.com/	HTTP Parser: Number of links: 0

No HTML title found

Source: https://main.dypuej5ogfl2b.amplifyapp.com/	HTTP Parser: HTML title missing
Source: https://main.dypuej5ogfl2b.amplifyapp.com/	HTTP Parser: HTML title missing

Source: https://main.dypuej5ogfl2b.amplifyapp.com/	HTTP Parser: No <meta name="author".. found
Source: https://main.dypuej5ogfl2b.amplifyapp.com/	HTTP Parser: No <meta name="author".. found

Source: https://main.dypuej5ogfl2b.amplifyapp.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://main.dypuej5ogfl2b.amplifyapp.com/	HTTP Parser: No <meta name="copyright".. found

Source: unknown

HTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.4:49813 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: main.dypuej5ogfl2b.amplifyapp.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /css/hover.css HTTP/1.1Host: main.dypuej5ogfl2b.amplifyapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://main.dypuej5ogfl2b.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /css/bootstrap.min.css HTTP/1.1Host: main.dypuej5ogfl2b.amplifyapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://main.dypuej5ogfl2b.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /css/font-awesome.min.css HTTP/1.1Host: main.dypuej5ogfl2b.amplifyapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://main.dypuej5ogfl2b.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /css/hover.css/ HTTP/1.1Host: main.dypuej5ogfl2b.amplifyapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://main.dypuej5ogfl2b.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveOrigin: https://main.dypuej5ogfl2b.amplifyapp.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://main.dypuej5ogfl2b.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.1.3/js/bootstrap.min.js HTTP/1.1Host: stackpath.bootstrapcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://main.dypuej5ogfl2b.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /images/logo.png HTTP/1.1Host: main.dypuej5ogfl2b.amplifyapp.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://main.dypuej5ogfl2b.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://main.dypuej5ogfl2b.amplifyapp.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://main.dypuej5ogfl2b.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /s2/favicons?domain=webmail.websrvcs.com?v=BUILD_HASH HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://main.dypuej5ogfl2b.amplifyapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /s2/favicons?domain=webmail.websrvcs.com?v=BUILD_HASH HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: www.google.comCookie: CONSENT=YES+GB.en-GB+V9+BX
Source: global traffic	HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8

Source: Ruleset Data.1.dr	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Filtering Rules.1.dr	String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
Source: Filtering Rules.1.dr	String found in binary or memory: www.facebook.com0 equals www.facebook.com (Facebook)

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 9635Connection: closeDate: Wed, 27 Oct 2021 19:08:44 GMTServer: AmazonS3Vary: Accept-EncodingX-Cache: Error from cloudfrontVia: 1.1 43caad45fe33928cc863afe8f8e92577.cloudfront.net (CloudFront)X-Amz-Cf-Pop: MXP63-P3X-Amz-Cf-Id: 76gMzKFHibJmOVJP0GolaC57iwr9dMFRSEIlhUUTFG89NbEutCfwOA==

Source: data_3.2.dr	String found in binary or memory: http://www.mail.
Source: Reporting and NEL.2.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=wDtrgv66HYHDqRILkuN3Sx0DwC7y7UkgffJdeAUdnXjGMNUXIHs15Z03JlO
Source: Reporting and NEL.2.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=zKRMNpyFTxUi1J03aLMq5CfY84v%2FP07xtVTG9hj9iL%2BblO3dKtnQPDR
Source: manifest.json1.1.dr, cc951f97-300d-40f7-a212-4920fd1958d3.tmp.2.dr	String found in binary or memory: https://accounts.google.com
Source: craw_window.js.1.dr	String found in binary or memory: https://accounts.google.com/MergeSession
Source: data_3.2.dr, data_1.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: data_2.2.dr	String found in binary or memory: https://apis.google.com
Source: data_3.2.dr, data_1.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: data_1.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.jskf
Source: cc951f97-300d-40f7-a212-4920fd1958d3.tmp.2.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.1.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: cc951f97-300d-40f7-a212-4920fd1958d3.tmp.2.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: data_3.2.dr, data_1.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: data_3.2.dr, data_1.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: data_3.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.3.1.js
Source: data_1.2.dr	String found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIfCfux3wVXpP93Egk
Source: manifest.json1.1.dr	String found in binary or memory: https://content.googleapis.com
Source: LICENSE.txt.1.dr	String found in binary or memory: https://creativecommons.org/.
Source: LICENSE.txt.1.dr	String found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: data_3.2.dr	String found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushers
Source: data_3.2.dr	String found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushersCross-Origin-Resource-Policy:
Source: Reporting and NEL.2.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external
Source: data_3.2.dr, Reporting and NEL.2.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/encsid_AXrpQdfmR0fDhCOPhF1MuC4lh4qBOg6Nc66MCVJYeKk
Source: data_3.2.dr, Reporting and NEL.2.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers
Source: 87eb828b-2a13-4b5d-85f1-a6b3dd773e1d.tmp.2.dr, cc951f97-300d-40f7-a212-4920fd1958d3.tmp.2.dr	String found in binary or memory: https://dns.google
Source: LICENSE.txt.1.dr	String found in binary or memory: https://easylist.to/)
Source: manifest.json1.1.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: cc951f97-300d-40f7-a212-4920fd1958d3.tmp.2.dr	String found in binary or memory: https://fonts.googleapis.com
Source: data_3.2.dr, data_1.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Archivo
Source: manifest.json1.1.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: data_3.2.dr, cc951f97-300d-40f7-a212-4920fd1958d3.tmp.2.dr	String found in binary or memory: https://fonts.gstatic.com
Source: data_2.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v12/tss0ApVBdCYD5Q7hcxTE1ArZ0bb-iXxi2g.woff2)
Source: data_2.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v12/tss0ApVBdCYD5Q7hcxTE1ArZ0bb_iXxi2g.woff2)
Source: data_2.2.dr	String found in binary or memory: https://fonts.gstatic.com/s/archivonarrow/v12/tss0ApVBdCYD5Q7hcxTE1ArZ0bbwiXw.woff2)
Source: manifest.json1.1.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: LICENSE.txt.1.dr	String found in binary or memory: https://github.com/easylist)
Source: craw_background.js.1.dr, craw_window.js.1.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: manifest.json1.1.dr	String found in binary or memory: https://hangouts.google.com/
Source: data_3.2.dr	String found in binary or memory: https://ka-f.fontawesome.com
Source: data_1.2.dr	String found in binary or memory: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251
Source: data_1.2.dr	String found in binary or memory: https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251
Source: data_1.2.dr	String found in binary or memory: https://ka-f.fontawesome.com/releases/v5.15.4/webfonts/free-fa-solid-900.woff2
Source: data_3.2.dr	String found in binary or memory: https://kit.fontawesome.com
Source: data_3.2.dr, data_1.2.dr	String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: Current Session.1.dr	String found in binary or memory: https://main.dypuej5ogfl2b.amplifyapp.com/
Source: Current Session.1.dr	String found in binary or memory: https://main.dypuej5ogfl2b.amplifyapp.com/#
Source: History Provider Cache.1.dr	String found in binary or memory: https://main.dypuej5ogfl2b.amplifyapp.com/2
Source: data_1.2.dr	String found in binary or memory: https://main.dypuej5ogfl2b.amplifyapp.com/M
Source: data_1.2.dr	String found in binary or memory: https://main.dypuej5ogfl2b.amplifyapp.com/css/bootstrap.min.css
Source: data_1.2.dr	String found in binary or memory: https://main.dypuej5ogfl2b.amplifyapp.com/css/font-awesome.min.css
Source: data_1.2.dr	String found in binary or memory: https://main.dypuej5ogfl2b.amplifyapp.com/css/font-awesome.min.cssy
Source: data_1.2.dr	String found in binary or memory: https://main.dypuej5ogfl2b.amplifyapp.com/css/hover.css
Source: data_1.2.dr	String found in binary or memory: https://main.dypuej5ogfl2b.amplifyapp.com/css/hover.css9
Source: data_1.2.dr	String found in binary or memory: https://main.dypuej5ogfl2b.amplifyapp.com/images/logo.png
Source: data_3.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: data_3.2.dr, data_1.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: data_3.2.dr	String found in binary or memory: https://nomoejunk.com/nxt.php
Source: cc951f97-300d-40f7-a212-4920fd1958d3.tmp.2.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json.1.dr, craw_window.js.1.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: cc951f97-300d-40f7-a212-4920fd1958d3.tmp.2.dr	String found in binary or memory: https://play.google.com
Source: cc951f97-300d-40f7-a212-4920fd1958d3.tmp.2.dr	String found in binary or memory: https://r5---sn-h0jeln7l.gvt1.com
Source: cc951f97-300d-40f7-a212-4920fd1958d3.tmp.2.dr	String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.1.dr, craw_window.js.1.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: data_2.2.dr	String found in binary or memory: https://ssl.gstatic.com
Source: data_1.2.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js
Source: messages.json28.1.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json28.1.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: craw_background.js.1.dr, craw_window.js.1.dr	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: data_2.2.dr	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: data_2.2.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.1.dr	String found in binary or memory: https://www.google.com/
Source: craw_window.js.1.dr	String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.1.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.1.dr	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.1.dr	String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.1.dr	String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: data_3.2.dr	String found in binary or memory: https://www.google.com/s2/favicons?domain=
Source: data_3.2.dr, data_1.2.dr	String found in binary or memory: https://www.google.com/s2/favicons?domain=webmail.websrvcs.com?v=BUILD_HASH
Source: data_1.2.dr	String found in binary or memory: https://www.google.com/s2/favicons?domain=webmail.websrvcs.com?v=BUILD_HASHChIKBw1TVYG1GgAKBw2MV9u3G
Source: manifest.json1.1.dr	String found in binary or memory: https://www.google.com;
Source: craw_background.js.1.dr, craw_window.js.1.dr, cc951f97-300d-40f7-a212-4920fd1958d3.tmp.2.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json1.1.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json1.1.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json1.1.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json1.1.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json1.1.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json1.1.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json1.1.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.1.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json1.1.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: data_2.2.dr	String found in binary or memory: https://www.gstatic.com
Source: manifest.json1.1.dr	String found in binary or memory: https://www.gstatic.com;

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8

Source: unknown

HTTPS traffic detected: 142.250.185.228:443 -> 192.168.2.4:49813 version: TLS 1.2

Source: classification engine

Classification label: mal56.phis.win@15/139@12/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https:////main.dypuej5ogfl2b.amplifyapp.com/'
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,13697681952374870177,3520927636459733860,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1628,13697681952374870177,3520927636459733860,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: https:////main.dypuej5ogfl2b.amplifyapp.com/

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-6179A3B8-19F4.pma

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.185.99	gstaticadssl.l.google.com	United States	15169	GOOGLEUS	false
142.250.185.228	www.google.com	United States	15169	GOOGLEUS	false
104.18.10.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
142.250.74.206	clients.l.google.com	United States	15169	GOOGLEUS	false
104.18.11.207	stackpath.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
108.139.243.120	main.dypuej5ogfl2b.amplifyapp.com	United States	16509	AMAZON-02US	false
216.58.212.141	accounts.google.com	United States	15169	GOOGLEUS	false
104.16.18.94	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
142.250.185.97	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
127.0.0.1

Contacted Domains

Name	IP	Active
gstaticadssl.l.google.com	142.250.185.99	true
stackpath.bootstrapcdn.com	104.18.11.207	true
accounts.google.com	216.58.212.141	true
cdnjs.cloudflare.com	104.16.18.94	true
maxcdn.bootstrapcdn.com	104.18.10.207	true
www.google.com	142.250.185.228	true
main.dypuej5ogfl2b.amplifyapp.com	108.139.243.120	true
clients.l.google.com	142.250.74.206	true
googlehosted.l.googleusercontent.com	142.250.185.97	true
clients2.googleusercontent.com	unknown	unknown
clients2.google.com	unknown	unknown
ka-f.fontawesome.com	unknown	unknown
code.jquery.com	unknown	unknown
kit.fontawesome.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx	false		high
https://www.google.com/s2/favicons?domain=webmail.websrvcs.com?v=BUILD_HASH	false		high
https://main.dypuej5ogfl2b.amplifyapp.com/images/logo.png	true	Avira URL Cloud: phishing	unknown
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	false		high
https://main.dypuej5ogfl2b.amplifyapp.com/css/font-awesome.min.css	true	Avira URL Cloud: phishing	unknown
https://main.dypuej5ogfl2b.amplifyapp.com/	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://main.dypuej5ogfl2b.amplifyapp.com/	true	SlashNext: Fake Login Page type: Phishing & Social Engineering	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://stackpath.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js	false		high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high
https://main.dypuej5ogfl2b.amplifyapp.com/css/hover.css/	true	Avira URL Cloud: phishing	unknown
https://main.dypuej5ogfl2b.amplifyapp.com/css/hover.css	true	Avira URL Cloud: phishing	unknown
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	false		high
https://main.dypuej5ogfl2b.amplifyapp.com/css/bootstrap.min.css	true	Avira URL Cloud: phishing	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Google\Chrome\User Data\0f50e32e-e071-4574-a327-0efee03a04cf.tmp	SysEx File -	694B0C4C387193ECE3DD555FB871687B	CB6559AB4BB33348D9315D37A155C51E4777F43F	F8033A59E687897BB3A59B9F8DBD9EF6A4234DA3E32DB27650691EFA0502C739
C:\Users\user\AppData\Local\Google\Chrome\User Data\21e7fe77-f0ef-4da0-9129-2757dbf78eb4.tmp	data	8DCB4B236A3BF49788A2B77D00BFFB9E	C78BF8A52E413BF8E0C54E8A6E40097323A001CA	5471720788D48A01DCA45E855CAE93761E593F2EBF0E023B4C4B7F15B04F9D42
C:\Users\user\AppData\Local\Google\Chrome\User Data\32029b11-ae67-4665-a634-7c0e82772e51.tmp	ASCII text, with very long lines, with no line terminators	905391AA6A748B38B0AF366018BF2E89	181B92F2BEB97C648163F6DAFC360A34BBA896E6	11C2BC5A2444B28E604D4D6800372143E3BEDF8983913E0FE019519D9406E540
C:\Users\user\AppData\Local\Google\Chrome\User Data\4fb04e8d-ff18-42c9-85b9-ab435a4ea71a.tmp	ASCII text, with very long lines, with no line terminators	1312DE723800E561F8BDEF2E83CB6DBF	DE5ED8D43287812C16EEBB209C53EE52C662A5D7	52A7495DE4E493D71CF081320ACBAB16F9352C8977F0A7204A2143D234B8E8B5
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	data	7AE9008C2AA5ED3E5ED52743E082F5BF	CD90099842F51474494BFC490433578A89C1B539	94E7D9BF431A0E3F0FD02F0FBA7321F43DD8B523E3D32092AFC474D3FD5ABF62
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\64cd8f1e-a13b-45b1-bb66-8f2870bee78d.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG	ASCII text	997C3D6CE84E21B0168E59DE17EF00A5	A79FAFAF0011EAF70B39A68D3B0D68F53DA903C8	A4DB46428896C5D36D65618669BEA5BED1B26437831B14B7C302A2B89774AB00
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG	ASCII text	D032A3FA44268C43C5011751D3CA6F56	22261F6F85854FD9A88D76B35645497D8BF3A42F	7CF0008D5B941E3C77F90F281C6F78B0997AFD9D3C9FADF2B00556D5F2C6D23D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0	data	F90177AB559A8DF166FF15520EDDFD34	8542D227BA95D0734CCC811821AFB87D15C79A06	CA3D9F95E73122DF8B92ADCFCB1A36116D17E38A9A46A9C11013E06207747006
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1	data	733269643CB638857A1A17CE748E2B43	363A12F11BA126C60FCA4187628373A278203291	A539012C780D68E70B64090463FBE45C4FFE2EC67807E7EC791A0DF31BDB8771
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2	data	948A16A56F139C813E21F61F176FFB36	636FFC2EDF391A89F0FDCB77512C78FDABDD0B64	57AD12F94E916536C032833AE9E80413F1926C99FC31B0DDF20D9D0523574959
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3	data	EA636D961902CE7D3F5FD1E421BEBB30	C3EFD3A0F0CF0ADA4E5C472329CE92C10838F267	6D4FF4FC1FC2F5A27E2718D6857EC11B45EE135D6E8AA8A47672F7069A26494C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	SQLite 3.x database, last written using SQLite version 3032001	0104A12BA5DD42D13BB880276D8D5D08	81346A586542DA07025159EC2E8FFE98B24D6233	432AE3B8A5DA589B71EC678E2DD1AC2EE152039A1BF3222510AC7FA91D3D93A6
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session	data	1AF37B964C3C56AA5B02E89027AFB938	B5B7ED83C9E26A3DEAAB844322336B3C7F62E9BE	D4C2707AADD187BF7051DBD0CDDC790E9D4CCD16011B000C368562139DF1313D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs	data	0686D6159557E1162D04C44240103333	053E9DB58E20A67D1E158E407094359BF61D0639	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log	data	BB9B527949692288040DE3359E5585B7	ED8DE5C271F6CE7FB8AC8D336D55E0A41A5A4F3E	5E5BBBE23C2EBA0C5A26A464E1533E5E66A45689C03E743B27665F83DAEFDA18
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG	ASCII text	B74EC929D5E620BAA101C9485CBC24B2	166785B3CBE5B782078C9D521EB1C3BCB32BE3BC	CC790605133A473BF8376D1FA396D02763628263F1533370B996B7227C9C136C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old (copy)	ASCII text	B74EC929D5E620BAA101C9485CBC24B2	166785B3CBE5B782078C9D521EB1C3BCB32BE3BC	CC790605133A473BF8376D1FA396D02763628263F1533370B996B7227C9C136C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log	data	6C88FEEDEE47B405DCBB87ABEBC47027	C28B0EB68BAB44D7D6F514351A3BDFCD70A3941E	153DDD24CD5DBCA43DC2071DDF4BE156DCBF32FB3338A2815023358A9740F708
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG	ASCII text	7D921D3BD99C54A8172C88A2B88B9267	CEECD4E4F3445248F420B2C7C41F902D6E76F430	1031072B620BB658A5BBCD6E7BF9DCDAF3F43833EA79551C1592EC921065D766
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old (copy)	ASCII text	7D921D3BD99C54A8172C88A2B88B9267	CEECD4E4F3445248F420B2C7C41F902D6E76F430	1031072B620BB658A5BBCD6E7BF9DCDAF3F43833EA79551C1592EC921065D766
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json	ASCII text, with very long lines, with no line terminators	90F880064A42B29CCFF51FE5425BF1A3	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log	data	51A2CBB807F5085530DEC18E45CB8569	7AD88CD3DE5844C7FC269C4500228A630016AB5B	1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG	ASCII text	F413DDA11BD8F539841C6E04BCFF59D3	FA688824D16D667EB0E88FF32A8E7906E8EF1618	3167F6285E0A76E60CE12405AAAD870D67181295A066F970F01742C9AB61A176
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG	ASCII text	6E2B86604FD8B6C8785E2111971C4859	1D0B830D7B83CFAB3955481D95EA330042AC3985	9FE0C4C4B6350BB6397B40D11CA65F0581D5EDFE712D413E32E1409FDA7470A6
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG	ASCII text	EC12F2C88BD3A697CF1ABEE9C5500BF8	3EE753F7AFCB47AEC9E4D1E90BAB83AD8AF932AA	9578285C53AC8178B62B657A29E56C73EDE48CBA1DD203CBBACE3B6B01E2534A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache	data	70E8046F41197745EF7722167A322AA3	4D9A02B7EF0EAB8FC178F5E8C05197D9C74065F0	19D85A9C5EE7E9FC0CDEA3669C98713EA71EED0B3E0DE0EB5D481445E297C7EB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Session (copy)	data	1AF37B964C3C56AA5B02E89027AFB938	B5B7ED83C9E26A3DEAAB844322336B3C7F62E9BE	D4C2707AADD187BF7051DBD0CDDC790E9D4CCD16011B000C368562139DF1313D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Tabsnd (copy)	data	0686D6159557E1162D04C44240103333	053E9DB58E20A67D1E158E407094359BF61D0639	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG	ASCII text	7419C65380C9C8CCFD448BBB526A19D7	8AB918DA7435F4947D03CB5363D2653839DE0975	7AB53F4A18BE296C33F7F0D3A7E1F0C68B048C573411FFDA11A85A134D6B45AA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old (copy)	ASCII text	7419C65380C9C8CCFD448BBB526A19D7	8AB918DA7435F4947D03CB5363D2653839DE0975	7AB53F4A18BE296C33F7F0D3A7E1F0C68B048C573411FFDA11A85A134D6B45AA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG	ASCII text	63E16AD9032B6B23A788D60F9F1C1AA4	A2A0069CDF2A82E7F0F5474F4BC6339D53CCDB01	ECD6608204E0737B29E817BB649EA3B88B1AD6AF46C97604165090DA6506FFB7
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.oldMP (copy)	ASCII text	63E16AD9032B6B23A788D60F9F1C1AA4	A2A0069CDF2A82E7F0F5474F4BC6339D53CCDB01	ECD6608204E0737B29E817BB649EA3B88B1AD6AF46C97604165090DA6506FFB7
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL	SQLite 3.x database, last written using SQLite version 3032001	33433723BCE4BFB439962C3F6AB7242A	4BFC37AA7AED9BAA9DE49500B1133180B252E09E	7E070E44CC47BC1A3E93D0707547831C91CA646FA6E5AF4BCBEC487A3EC42BA4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log	data	09577FAB41D2A79570A20D3C2B496090	C513A1885D8A037417BB0EE993A0C082E125902D	B0A92E2E08A3CBB19B8F2CE628423974BB077B222821D58C4A26315F6BBB07A4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG	ASCII text	84E5F479D71C07A614533F8E97419F4E	F0EFD1509509C209B3CE87DA2FDD3F7933E6CA75	EE8BCE2A6FCE90B4A3B8D8A7322A83B209EA1FE0DF1DA62530B7A62A525C2C46
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old (copy)	ASCII text	84E5F479D71C07A614533F8E97419F4E	F0EFD1509509C209B3CE87DA2FDD3F7933E6CA75	EE8BCE2A6FCE90B4A3B8D8A7322A83B209EA1FE0DF1DA62530B7A62A525C2C46
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\87eb828b-2a13-4b5d-85f1-a6b3dd773e1d.tmp	ASCII text, with very long lines, with no line terminators	8CA9278965B437DFC789E755E4C61B82	5776B6C90CA1D2DDC765ED673B5E6DC8E167F0D6	A57D9231244C1FBDE58A1BF50CAD3A1E3EA28D042BFA272782B65139446E7C51
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG	ASCII text	4539FA96DCC8DAFE33593FCC7AC185DA	67E42DFB35AB1538C7C035E17F7BD04FD6834193	1AEE9077B51AD0F2F538E17ED1D71585D2EE3CFA20A0E5E87284693333392D11
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG.old (copy)	ASCII text	4539FA96DCC8DAFE33593FCC7AC185DA	67E42DFB35AB1538C7C035E17F7BD04FD6834193	1AEE9077B51AD0F2F538E17ED1D71585D2EE3CFA20A0E5E87284693333392D11
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG	ASCII text	363EAA2F2AAC5C247CCE98874B904481	45ECC910F3B6D3D003DE6EDD2BFF3D4F48A350E5	4DF16D0F8A5DCAE9D50D3B22CED8AEE8E56607A56524A5EF8F146BA1119B8D50
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG.old. (copy)	ASCII text	363EAA2F2AAC5C247CCE98874B904481	45ECC910F3B6D3D003DE6EDD2BFF3D4F48A350E5	4DF16D0F8A5DCAE9D50D3B22CED8AEE8E56607A56524A5EF8F146BA1119B8D50
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log	data	69449520FD9C139C534E2970342C6BD8	230FE369A09DEF748F8CC23AD70FD19ED8D1B885	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG	ASCII text	1CB35939B2FD57FD77F6542F9EBFDBF7	7BCEAA443E9F436B6F4E90DDA9A63820E87D01B8	DA782EB66988B744AE2E349979834B7DA02DFD10849A0135FA4D0627045A51EA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG	ASCII text	280A0D916E62ED3539C591B0DF0B767F	D9D86F703F313A749D50760F671F61E761CE0435	24F9AAC847AA32D1FF344EB95F9895252E4CF6A26D777BA089E8B2B8C9DC892B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG	ASCII text	E1D3A83ED3BA59B2522FDFF10A14BBCC	1D59714437ACCABA0E50041779F27923CCD2D54C	09E7383CA3BDFF09F6E900F73B69B2547FE307962E58DFC27327D52410448EC1
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log	data	1F7F208858A1F652FA7AE45C3C7510C9	E3B7E0FB73EE579B9E8B6E29F9D9CCD783050A5D	81B396566964F665632A83714FF09AFE24C96E8E5401A588B943D721669DE6F4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG	ASCII text	FD48F223F2CE5016E93E0FD4DABD6222	806DCCBF84A0F572581AC2E5696A6866288EF389	3DFC270D97EE96D6B1BF6F9006062453FBC107574626859472885B72BA9C6818
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old.. (copy)	ASCII text	FD48F223F2CE5016E93E0FD4DABD6222	806DCCBF84A0F572581AC2E5696A6866288EF389	3DFC270D97EE96D6B1BF6F9006062453FBC107574626859472885B72BA9C6818
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a8653c50-64fc-4438-9d54-0d4554ba9b8b.tmp	ASCII text, with very long lines, with no line terminators	F5065D0A0CAD44B47C64876A10DA89A5	4433C668CEDA775D5DD97A4BE0952DE5DCE8B817	9B025466C5499CF7EF874317D056F079FB192CA28234839F413D41FF7B0E3431
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\a8e2619f-ef4e-4f38-b0a9-b586a7d05093.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	1C20571CEB75B6CE7041E3B98AF16B4C	99E8F61E6225E269448C7F7411AE49098D65F4AE	F5E37F3CD117542BEC97CB47CF506880869E947A9291C210C9F405443F618C0C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\b1688f3f-84df-497c-a4c9-5430977ce732.tmp	ASCII text, with very long lines, with no line terminators	97F843CB4F20616F3284FED4E7F08A5F	96BC48F40B9561C614F50EBD3B5423FCD783FDBF	B75BBBA0B7AAB8CF082098F5D3143A433E326D7B0490F510A77EF154D875FEF1
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\cc951f97-300d-40f7-a212-4920fd1958d3.tmp	ASCII text, with very long lines, with no line terminators	494384A177157C36E9017D1FFB39F0BF	CE5D9754A70CD84CEE77C9180DB92C69715BE105	07CF0A5189FAD30A4AA721F4F6DA1B15100991115833EACFA1E2DC84A1B54337
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp	ASCII text	6752A1D65B201C13B62EA44016EB221F	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG	ASCII text	FF2149BC99E2EA47301687A56BC4733C	B3DDB70EF371A8B03B685275387569E37DB71DA8	2A92E723F7A8EF1688D4C6FC7377CAF8BB478859432CFEB8A5571113D0CD15D6
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old (copy)	ASCII text	FF2149BC99E2EA47301687A56BC4733C	B3DDB70EF371A8B03B685275387569E37DB71DA8	2A92E723F7A8EF1688D4C6FC7377CAF8BB478859432CFEB8A5571113D0CD15D6
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004	MPEG-4 LOAS	031D6D1E28FE41A9BDCBD8A21DA92DF1	38CEE81CB035A60A23D6E045E5D72116F2A58683	B51BC53F3C43A5B800A723623C4E56A836367D6E2787C57D71184DF5D24151DA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG	ASCII text	C3D4973F0AA6958A0E30D5A7D766DCFD	8DE546EF8810CD2B5FF28125A87EACBFAFB74C99	C283553FB8B20555949FF554967D45A336882A52E5DCA209160CA715B418AA95
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser	data	DE9EF0C5BCC012A3A1131988DEE272D8	FA9CCBDC969AC9E1474FCE773234B28D50951CD8	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version	ASCII text, with no line terminators	C422F72BA41F662A919ED0B70E5C3289	AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632	02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\scoped_dir6644_813995720\Ruleset Data	data	580DB025FA9444FBD3D00A0B7F4AEEE6	26BA225F9E58BA440E455B151AFA62E6DA71D052	4DF7686CE689C87AE5AC45DE42E602ADB0AC316EE7C9F55717DEAD2509058ECC
C:\Users\user\AppData\Local\Google\Chrome\User Data\c3f1249b-170c-45fe-820d-b2d47368e2eb.tmp	ASCII text, with very long lines, with no line terminators	221B9F443024F587D2D0B119CE86FBC2	5F5312C9512882CB08B73AD70A4440B07F563EB3	CF4214C6CF5E85FA8FA32185474FCC6D380EDE97184CD7444E31853B31FCBD8D
C:\Users\user\AppData\Local\Google\Chrome\User Data\f129404c-9119-46ee-8a72-bcc72624bec6.tmp	ASCII text, with very long lines, with no line terminators	4E363ADE5A4D9FAEC20CB58B484D3047	5422897AA421276AE94B5B5FB0000E26CA53480C	2B1EF84908C636FB88605C0E4797571DB2772CEF6A1E84718ACB33C7F23CCB4A
C:\Users\user\AppData\Local\Temp\281de4e1-6853-407a-a3c1-461f54c4be72.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\285acb69-1251-40b4-910e-6d3be5bd005e.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\AppData\Local\Temp\6644_1188738901\Filtering Rules	data	492D833A4DACDC2843C7E1835DE22679	50461C265B3FF063690DFD7B5FDF742BA06DE36D	081284C6EB49939EA138A836CD347C212E130266A4E0FAF3A5DF7C01F9F27E21
C:\Users\user\AppData\Local\Temp\6644_1188738901\LICENSE.txt	ASCII text, with CRLF line terminators	D33AAA5246E1CE0A94FA15BA0C407AE2	11D197ACB61361657D638154A9416DC3249EC9FB	1D4FF95CE9C6E21FE4A4FF3B41E7A0DF88638DD449D909A7B46974D3DFAB7311
C:\Users\user\AppData\Local\Temp\6644_1188738901\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	531658FD4A53DCAA6706C4E299F7F321	30E6E2BBF0C17CDED7D479A14E96468B94B647C3	99CFEEE3A649590AB00880AFF978CB3E9BE65302AE2CD60B134387D606F1C79A
C:\Users\user\AppData\Local\Temp\6644_1188738901\manifest.fingerprint	ASCII text, with no line terminators	665E5819FD3845C8CF669B0FC7C35244	C807724385F53E2B2410E269CAEEA719ABB03F76	317A5B0177F17156279688F1FEF1D2568AAEB975239BB48702C76E2C4EFCC050
C:\Users\user\AppData\Local\Temp\6644_1188738901\manifest.json	ASCII text	B0E35F2BE526F795B810BE0E88B72358	0C7CB5B9E7AF8DE8ABB306CFB722994820656A1A	5D812EADC836E42C32649263525F7CFA2FE113E9C2D04E436EEE1BFF97E71359
C:\Users\user\AppData\Local\Temp\e204c793-3c54-4647-aeab-ebc9cd58fff3.tmp	Google Chrome extension, version 3	A11D5CAF6BF849AEB84B0C95B1C3B7CF	27F410CCBD75852C01C7464A1FD7EF8C29BE3916	D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
C:\Users\user\AppData\Local\Temp\f7a4d8e6-a7a6-407e-b778-518b6bd09156.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1819004688\CRX_INSTALL\_locales\am\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	26330929DF0ED4E86F06C00C03F07CE3	478F3B7E7A7E007BEE182B89C2EF6FFE6045E92C	621B5139ED199022BB6529AF18ED4DC312AE9F3E90ECAF3B2C9E1D12114F5B22
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1819004688\CRX_INSTALL\_locales\ar\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	44325A88063573A4C77F6EF943B0FC3E	78908D766F3E7A0E4545E7BD823C8ED47C7164EB	67A439A08804EF4BEF261BDBADD8F0FEFD51729167D01EDCA99DD4AF57D6108B
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1819004688\CRX_INSTALL\_locales\bg\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	3B3D0AA18879730F022E596FDF21AB3F	EFE1E6410079417F4BF637BA4421ADCA052C13B9	4CC6F1ABA1B559613812A874BAA3C4F1BDCDBEFFAC8A21717AE9D4EFA3870A56
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1819004688\CRX_INSTALL\_locales\bn\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	571C05775F9B47A871800152EE2E312B	1BF80C07EBD0E4438A1636BA04B275B16E98119D	E243D3309999C6E5DBFD42546C0BB85137663F2E0B0F726F323F32F21135DC92
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1819004688\CRX_INSTALL\_locales\ca\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	F99436352FD3FD86163903C23DF4F687	AE0BEB9B514BF9BDAC8D284BCE044F07D509BC45	5F62D46B7DF1B454026355B74ACAA1089803C550C80FC14ACEFA4EC5E5348B8A
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1819004688\CRX_INSTALL\_locales\cs\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	2BAC88F7497326C230429E5AC682EFC5	1A71E7B6658E7ADA5922BAD7C47301845EA148EA	629AB039C1B7BB5F94DF9EE253C61F7816D28D2B1DD4D50A527008F3CFCE27EF
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1819004688\CRX_INSTALL\_locales\da\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	A471CC860CCC748C1807BEE41B669DA5	CD94B28CE5076AC1278278F55C501BB01DDCA315	B44E5AA82F76F1985DCACEEFAA122EB51A4E79358B3BDFF3191A7520CEBFA79D
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1819004688\CRX_INSTALL\_locales\de\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	F5622AAA0F81904E837130E4E825C3DD	33284EEE81FC2ED7D4B185889B3A463900FE90C0	43145DC64CF2898F1BEB7B5178865BFA550C21B8B66A782CA6B7760F27EA59AA
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1819004688\CRX_INSTALL\manifest.json	ASCII text, with very long lines, with CRLF line terminators	F76238944C3D189174DD74989CF1C0C6	85CE141EC8867B699668A5F5A48F404C84FCEB04	2EF48A1CF322DE356E8844DD2FD3431E8E7ACD04770649B6507EACA5ABDB53A7
C:\Users\user\AppData\Local\Temp\scoped_dir6644_1819004688\e204c793-3c54-4647-aeab-ebc9cd58fff3.tmp	Google Chrome extension, version 3	A11D5CAF6BF849AEB84B0C95B1C3B7CF	27F410CCBD75852C01C7464A1FD7EF8C29BE3916	D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\285acb69-1251-40b4-910e-6d3be5bd005e.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with CRLF line terminators	6F8E288A9AD5B1ED8633B430E2B4D4CA	F671D3D4BEFA431D1946D706F4192D44E29B6F08	A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with CRLF line terminators	1FDAFC926391BD580B655FBAF46ED260	C95743C3F43B2B099FEBEBC5BD850F0C20E820AC	C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\cs\messages.json	UTF-8 Unicode text, with CRLF line terminators	76DEC64ED1556180B452A13C83171883	CFB1E56FD587BCDC459C1D9A683B71F9849058F9	32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\da\messages.json	UTF-8 Unicode text, with CRLF line terminators	238B97A36E411E42FF37CEFAF2927ED1	4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0	4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\de\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B3E916E8C1991AA0453CBA00FEDCAAA	D6366D15912E40CA107FD42BFE9579C3336A51F9	A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\el\messages.json	UTF-8 Unicode text, with CRLF line terminators	05C437A322C1148B5F78B2F341339147	AB53003A678E44A170E73711FBD9949833BBF3AA	A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\en\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\en_GB\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\es\messages.json	UTF-8 Unicode text, with CRLF line terminators	82719BD3999AD66193A9B0BB525F97CD	41194D511F1ACC16C1CA828AC81C18C8C6B47287	4DB9B2721E625C18B9E05C04B31AF5D9694712F1CAAF6219ABE34BB08E5DB1C7
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\es_419\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B2583D8D1C147E36A69A88009CBEBC7	4D4DEEB4BE6AA0181825F3371A761ABC5B4D5937	6659BC3705311D7641A73995DCFEA80C7734F2F4EBBC3787B3892A240348324F
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\et\messages.json	UTF-8 Unicode text, with CRLF line terminators	CFF6CB76EC724B17C1BC920726CB35A7	14ED068251D65A840F00C05409D705259D329FFC	C85800BF45942FCC7FD6B1DF929C25F9CC2A977A6678966BD03D4B6B69889AFD
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\fi\messages.json	UTF-8 Unicode text, with CRLF line terminators	3A01FEE829445C482D1721FF63153D16	F3EAAADDC03F943FC88B30B67F534AA13E3336DD	0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\fil\messages.json	ASCII text, with CRLF line terminators	57AF5B654270A945BDA8053A83353A06	EEEF7A4F869F97CF471A05D345E74F982D15E167	EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\fr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8D11C90F44A6585B57B933AB38D1FFF8	3F9D44EA8807069A32AACA2AAAD02FD892E6CC90	599491F8C52B945C16C441ADF45BFD45AFAE046DA07757D97C56AF4DE75ED3B5
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\hi\messages.json	UTF-8 Unicode text, with CRLF line terminators	E376D757C8FD66AC70A7D2D49760B94E	1525C5B1312D409604F097768503298EC440CC4D	8106D98C4F8DA16DB698444409558E29CC96735E188BFA303C333A5D99231C1D
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\hr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8185D0490C86363602A137F9A261CC50	5BD933B874441CEACB9201CCC941FF67BAED6DC0	A2B2EC359A9DD9DCCCE02859CE1E738BD30FAA4A05F1DC522893FFDF722BBC15
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\hu\messages.json	UTF-8 Unicode text, with CRLF line terminators	85609CF8623582A8376C206556ED2131	1E16EB70DB5E59BB684866FF3E3925C2DEF25A12	32A249749F12ADB6A220BF9ADC272C7E5D9AD5497A38B0086D961E3ABA17FBC6
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\id\messages.json	ASCII text, with CRLF line terminators	EAB2B946D1232AB98137E760954003AA	60BDC2937905B311D2C9844DF2D639D7AC9F7F67	C6E8800450602DE0F39FE9F6854472383813FB454B08ABAE7E25A9167CE004C3
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\it\messages.json	UTF-8 Unicode text, with CRLF line terminators	A328EEF5E841E0C72D3CD7366899C5C8	2851ED658385804E87911643F5A4200B1FB26E13	CD891C45F7586FB4A2514205A11F260E4A6D4482FA03D901909DD9F57BE0536D
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\ja\messages.json	UTF-8 Unicode text, with CRLF line terminators	9B3A5D473C3F2BBFAEECE94A07A940B8	61BACA342CF766BBA15C7B4D892A0E7DAC9405AA	706312A4A2AEF3317223F141EB2B82685345B7EED444F16BB4DF3A272716DA1F
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\ko\messages.json	UTF-8 Unicode text, with CRLF line terminators	9F6B4D82A70C74CA751E2EAE70FAB5CF	0534F125FFCE8222277CF2BE3401C59DAF9217F8	D1467B8D037114403E8F4EFC52E88C4A7FEB96126BE4CFF883FEFF1084EF7E68
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\lt\messages.json	UTF-8 Unicode text, with CRLF line terminators	4CA644F875606986A9898D04BDAE3EA5	722A10569E93975129D67FBDB75B537D9D622AD1	7C311AB751D840D750C11553C083785813E079C1D464FE568A98C9E3EF3DB96C
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\lv\messages.json	UTF-8 Unicode text, with CRLF line terminators	C5CE2C51391EAFD3DA9E4C71549A3C28	1F67FF6EF6E90C0CE3AAF56ED543A3EFD381574D	1FA1DF2CA8516DEF490FB8484E9AA498ACFF80EEF5C9258FFE42D3678E6C7DED
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\nb\messages.json	UTF-8 Unicode text, with CRLF line terminators	93C459A23BC6953FF744C35920CD2AF9	162F884972103A08ADB616A7EB3598431A2924C5	2CD700AEB57D89C2E73333D0702556EE3FF3863516170F85669BC680FCBDC4E0
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\nl\messages.json	ASCII text, with CRLF line terminators	7A8F9D0249C680F64DEC7650A432BD57	53477198AEE389F6580921B4876719B400A23CA1	92BE7C2DC9CFBE5A65E9CE6488D364C8D7EC19E7B67A31E4D43C1CB2B169671C
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\pl\messages.json	UTF-8 Unicode text, with CRLF line terminators	0E6194126AFCCD1E3098D276A7400175	E8127B905A640B1C46362FA6E1127BE172F4A40F	E2699F98C511B18A2AFB82EAE9A4804B646C4FF1077D80E77C17A3943A6373C2
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\pt_BR\messages.json	UTF-8 Unicode text, with CRLF line terminators	86A2B91FA18B867209024C522ED665D5	63DEC245637818C76655E01FCB6D59784BC7184E	6374880FDD1F8AF1EE8AEA6A06B73BE0AB265AFCEB4FE6F08BDE3B3989264B21
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\pt_PT\messages.json	UTF-8 Unicode text, with CRLF line terminators	750A4800EDB93FBE56495963F9FB3B94	8BFB915488A4EB3CB33D68E2E59F1F8447DB7D61	C1C94F65FABAF17DEF98A8587711A56D61B1E5607500E9B01F2824DB109F9E83
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\ro\messages.json	UTF-8 Unicode text, with CRLF line terminators	98D43E4B1054A65DF3FA3CC40AB6FB6D	46E0A21C4DA2BB5D4D8F837AE211C1B6FA26E7E2	113A13900CBA62FE8AED06751971C23A80A99B47F9BE219CF884D57DB19611D9
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\ru\messages.json	UTF-8 Unicode text, with CRLF line terminators	DB2EDF1465946C06BD95C71A1E13AE64	FB4F3ECE9ECECEBBC6CA2A592A15FB9C1FDFB811	FBAF22CE6E16DE174CED8CB5EA3098CCA1C3426A2111FF33BD3E64DA64ED67AB
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\sk\messages.json	UTF-8 Unicode text, with CRLF line terminators	8DF215D1EFBDABB175CCDD68ED8DCB0A	2B374462137A38589A73FDD00A84CBDC7E50F9F4	7FA16AF97E6CFC52EC6008EB679D3F30E7E0C24F9EF2D18A9228EAF4DED9D63B
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\sl\messages.json	UTF-8 Unicode text, with CRLF line terminators	3943FA2A647AECEDFD685408B27139EE	0129DD19D28373359530B3B477FE8A9279DABB7D	18AFF072EE0DF7C3495045435C752A805606E6D5D462EF2321C443F1773F4B3A
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\sr\messages.json	UTF-8 Unicode text, with CRLF line terminators	D485DF17F085B6A37125694F85646FD0	24D51D8642CDC6EFD5D8D7A4430232D8CDE25108	7FFDE34C58E7C376C042DE64DEF6481DAE32BE8B70F0B18EDF536290CBE0C818
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\sv\messages.json	UTF-8 Unicode text, with CRLF line terminators	D372B8204EB743E16F45C7CBD3CAAF37	C96C57219D292B01016B37DCF82E7C79AD0DD1E8	B8BA77E0089B0676545EC16D32468B727812B444F90B33A7A5B748E6C36C4388
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\th\messages.json	UTF-8 Unicode text, with CRLF line terminators	83E2D1E97791A4B2C5C69926EFB629C9	429600425CB0F196DDD717F940E94DBD8BFF2837	2FECA577F43D97BAEEA464741D585892103585208FD0A935B810A03BDCE83C88
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\tr\messages.json	UTF-8 Unicode text, with CRLF line terminators	2CEAE0567B6BB1D240BBAD690A98CA3B	5944346FBD4A0797B13223895995CAB58E9ECD23	A7CB86F30C9C31FE5540282C308BA96ADB4EC16EF98C87129EB88105E5BEF5FC
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\uk\messages.json	UTF-8 Unicode text, with CRLF line terminators	AB0B56120E6B38C42CC3612BE948EF50	8B3F520E5713D9F116D68E71DAEED1F6E8D74629	68ABA284751EB9C856032062EF9B1651E2A1E5CE5FDA0977FFC97D63BA7BED9E
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\vi\messages.json	UTF-8 Unicode text, with CRLF line terminators	7EBB677FEAD8557D3676505225A7249A	F161B4B6001AEAEAB246FF8987F4D992B48D47BE	051F96ED874C11C4A13589B5F68964E4F5B03B52DDA223D56524F2CA23760C04
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\zh_CN\messages.json	UTF-8 Unicode text, with CRLF line terminators	BB73BF561BB79F89D9BF7C67C5AE5C65	2FADD3A1959B29C44830033A35C637D0311A8C9C	D804F2A040D21D7511EFD5213D8E1721D64964A1A0DBB48E21622CEEDC9D967E
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_locales\zh_TW\messages.json	UTF-8 Unicode text, with CRLF line terminators	5FF50C673CC0C661D615F0CFD0E6DCA0	60DFF98DEAB9C4746B288BDD9C94B3BCAE5EAA85	C6F8C640F3353A7B9B1432A0C139C1AEEC40133800E6C9B467B63991AD660308
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	0834821960CB5C6E9D477AEF649CB2E4	7D25F027D7CEE9E94E9CBDEE1F9220C8D20A1588	52A24FA2FB3BCB18D9D8571AE385C4A830FF98CE4C18384D40A84EA7F6BA7F69
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\craw_background.js	ASCII text, with very long lines	6EEBED29E6A6301E92A9B8B347807F5F	65DFB69B650560551110B33DCBA50B25E5B876DE	04CD9494B0ED83924DAD12202630B20D053D9E2819C8E826A386C814CC0A1697
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\craw_window.js	ASCII text, with very long lines	1709B6F00A136241185161AA3DF46A06	33DA7D262FFED1A5C2D85B7390E9DBC830CBE494	5721A4B3F8E09C869A629EFFD350B51C9D46F0AC136717D4DB6265C0EE6F9AC8
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\css\craw_window.css	ASCII text	67BF9AABE17541852F9DDFF8245096CD	A4AC74DD258E8E0689034FAA1B15A5C7C56DC3BB	10DFBD2D98950B79EE12F6B8E3885AABE31543048DE56AD4FC0A5E34D0D9D4EC
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\html\craw_window.html	HTML document, ASCII text	34A839BC40DEBC746BBD181D9EF9310C	8B4EAA74D31EED5B0BABA3CA5460201F6B10DA46	BB8742615E4CD996AE5D0200E443AE6A6F0B473255F03AFFDB8FB4660DE4554D
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\images\flapper.gif	GIF image data, version 89a, 30 x 30	398ABB308EEBC355DA70BCE907B22E29	CFFB77B8A1724B8F81D98C6D6AD0071D10162252	2B73533F47A99FFEA9CC405FFAFA9C4C53623F62487AEBFBA415945120B22040
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\images\icon_128.png	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	4DBC9F9E6F5A08D299BAC9E54DF07694	BB38F5DE34B1E0BE1109220BA55271087A4D9EA5	91C2718DD23B4356D71F88F6146868369033291086DF327534546DFA459BEB0E
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\images\icon_16.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	FB9C46EA81AD3E456D90D58697C12C06	5FC450F7D73CCFAC8F0D818CB3392BA4D91B69DE	016CA659BA080E194FBFC0929602B16506ED60AA6019FAA51410C4FD93B583E8
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\images\topbar_floating_button.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	8803665A6328D23CC1014A7B0E9BE295	9DA6EE729D5A6E9F30658B8EC954710F107A641F	D5F9234DC36E7FFA85F35B2359A4F82276F8395EFA76E4553507EA990B27FC6C
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\images\topbar_floating_button_close.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	0599DFD9107C7647F27E69331B0A7D75	3198C0A5F34DB67F91A0035DBC297354CBC95525	131817CD9311C03DF22D769DD2AD7FA2E6E9558863A89F7E5E1657424031A937
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\images\topbar_floating_button_hover.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	7CB6B9DC1A30F63B8BD976924B75AD96	0C40B0C496D2F2B5F2021C117EC8610AC03AB469	721B7AAA9A42A54A349881615A12E3A26983ACA48E173FD2F66E66AA0D725735
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\images\topbar_floating_button_maximize.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	232CE72808B60CBE0F4FA788A76523DF	721A9C98C835D2CD734153BBE07833C6637ECD68	AFA4EA944CBDEC8543242E627EF46D5BFD3766DCAC664E7E50CDEEF2B352740C
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\images\topbar_floating_button_pressed.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	E0862317407F2D54C85E12945799413B	FA557F8F761A04C41C9A4BA81994E43C6C275DBB	5C10CE0589EB115600F77381130B70AE0B7B3752614D86D4C89E857658AA222B
C:\Users\user\AppData\Local\Temp\scoped_dir6644_981779922\CRX_INSTALL\manifest.json	ASCII text, with CRLF line terminators	01334FB9D092AF2AA46C4185E405C627	47AD3C0E82362FFE5B881DF8D71D6F79AB7F5796	F52714812D68C577A445169D11E84DF6751C2D6886BC429643072BB5D61C6C27

ID:	510515
Product:	CloudBasic
Start time:	21:07:41
Start date:	27.10.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Windows Analysis Report https:////main.dypuej5ogfl2b.amplifyapp.com/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection:

Phishing:

Compliance:

Networking:

System Summary:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs