Automated Malware Analysis Management Report for New PO 78564.pdf

Overview

General Information

Sample Name:	New PO 78564.pdf
Analysis ID:	553179
MD5:	aaa5d93c47d50bcedaad9be5d7be8372
SHA1:	eb1d1dc348e5f2c6a3fb3790fbc405442190ca73
SHA256:	55c3bed4ebc39a8f3e5abbc3a3be17878d0eed6f80bfa35798b6415481f67422
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Phishing site detected (based on shot template match)

Yara detected HtmlPhish10

Found potential malicious PDF (bad image similarity)

Yara detected HtmlPhish7

Phishing site detected (based on image similarity)

Potential document exploit detected (unknown TCP traffic)

No HTML title found

Potential document exploit detected (performs DNS queries)

HTML body contains low number of good links

Potential document exploit detected (performs HTTP gets)

IP address seen in connection with other malware

Classification

Signatures

Phishing:

Phishing site detected (based on shot template match)

Source: https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.html

Matcher: Template: office matched

Yara detected HtmlPhish10

Source: Yara match

File source: 44581.0.pages.csv, type: HTML

Yara detected HtmlPhish7

Source: Yara match

File source: 44581.0.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: embedded	Matcher: Found strong image similarity, brand: Microsoft image: 44581.0.img.2.gfk.csv C3FC46C5799C76F9107504028F39190F
Source: embedded	Matcher: Found strong image similarity, brand: Microsoft image: 44581.0.img.3.gfk.csv FE22440D79FFA34950F512EF4A718B2A

No HTML title found

Source: https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.html	HTTP Parser: HTML title missing
Source: https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.html	HTTP Parser: HTML title missing

HTML body contains low number of good links

Source: https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.html	HTTP Parser: Number of links: 0
Source: https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.html	HTTP Parser: Number of links: 0

Source: https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.html	HTTP Parser: No <meta name="author".. found
Source: https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.html	HTTP Parser: No <meta name="author".. found

Source: https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.html	HTTP Parser: No <meta name="copyright".. found
Source: https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.html	HTTP Parser: No <meta name="copyright".. found

Software Vulnerabilities:

Potential document exploit detected (unknown TCP traffic)

Source: global traffic

TCP traffic: 192.168.2.4:49824 -> 142.250.181.238:443

Potential document exploit detected (performs DNS queries)

Source: global traffic

DNS query: name: glitch.me

Potential document exploit detected (performs HTTP gets)

Source: global traffic

TCP traffic: 192.168.2.4:49824 -> 142.250.181.238:443

Networking:

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 104.18.10.207 104.18.10.207
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250

Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 11:53:31 GMTContent-Length: 3672Connection: closeCache-Control: max-age=0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Fri, 14 Jan 2022 11:53:32 GMTContent-Type: image/pngContent-Length: 1157Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 11:53:32 GMTContent-Length: 3672Connection: closeCache-Control: max-age=0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 14 Jan 2022 11:53:33 GMTContent-Length: 3672Connection: closeCache-Control: max-age=0

Source: angular.js.21.dr	String found in binary or memory: http://angularjs.org
Source: AcroRd32.exe, 00000001.00000000.863507875.000000000AF0C000.00000004.00000001.sdmp	String found in binary or memory: http://cipa.jp/exif/1.0/
Source: angular.js.21.dr	String found in binary or memory: http://errors.angularjs.org/1.6.4-local
Source: AcroRd32.exe, 00000001.00000000.876002852.000000000AFD7000.00000004.00000001.sdmp	String found in binary or memory: http://fontfabrik.comYou
Source: data_2.22.dr	String found in binary or memory: http://glitch.com/help
Source: AcroRd32.exe, 00000001.00000000.863507875.000000000AF0C000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: AcroRd32.exe, 00000001.00000000.863507875.000000000AF0C000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/m#vC
Source: AcroRd32.exe, 00000001.00000000.863507875.000000000AF0C000.00000004.00000001.sdmp	String found in binary or memory: http://iptc.org/std/Iptc4xmpExt/2008-02-29/
Source: AcroRd32.exe, 00000001.00000000.863507875.000000000AF0C000.00000004.00000001.sdmp	String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/
Source: AcroRd32.exe, 00000001.00000000.863507875.000000000AF0C000.00000004.00000001.sdmp	String found in binary or memory: http://ns.useplus.org/ldf/xmp/1.0/V
Source: mirroring_hangouts.js.21.dr	String found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: AcroRd32.exe, 00000001.00000000.863507875.000000000AF0C000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/
Source: AcroRd32.exe, 00000001.00000000.863507875.000000000AF0C000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/extension/3
Source: AcroRd32.exe, 00000001.00000000.863507875.000000000AF0C000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#
Source: AcroRd32.exe, 00000001.00000000.863507875.000000000AF0C000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/field#:
Source: AcroRd32.exe, 00000001.00000000.863507875.000000000AF0C000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/
Source: AcroRd32.exe, 00000001.00000000.863507875.000000000AF0C000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/4n
Source: AcroRd32.exe, 00000001.00000000.863507875.000000000AF0C000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/id/n
Source: AcroRd32.exe, 00000001.00000000.863507875.000000000AF0C000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/property#
Source: AcroRd32.exe, 00000001.00000000.863507875.000000000AF0C000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/schema#
Source: AcroRd32.exe, 00000001.00000000.863507875.000000000AF0C000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfa/ns/type#
Source: AcroRd32.exe, 00000001.00000000.863507875.000000000AF0C000.00000004.00000001.sdmp	String found in binary or memory: http://www.aiim.org/pdfe/ns/id/
Source: mirroring_hangouts.js.21.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: mirroring_hangouts.js.21.dr	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
Source: mirroring_hangouts.js.21.dr	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: AcroRd32.exe, 00000001.00000000.876002852.000000000AFD7000.00000004.00000001.sdmp	String found in binary or memory: http://www.microsoft.ct
Source: AcroRd32.exe, 00000001.00000000.863507875.000000000AF0C000.00000004.00000001.sdmp	String found in binary or memory: http://www.npes.org/pdfx/ns/id/
Source: AcroRd32.exe, 00000001.00000000.876338941.000000000B20E000.00000004.00000001.sdmp	String found in binary or memory: http://www.quicktime.com.Acrobat
Source: AcroRd32.exe, 00000001.00000000.864201270.000000000B04F000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/
Source: AcroRd32.exe, 00000001.00000000.864201270.000000000B04F000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/4y
Source: AcroRd32.exe, 00000001.00000000.876002852.000000000AFD7000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/
Source: AcroRd32.exe, 00000001.00000000.876002852.000000000AFD7000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/4
Source: AcroRd32.exe, 00000001.00000000.876002852.000000000AFD7000.00000004.00000001.sdmp	String found in binary or memory: https://PrefSyncJob/com.adobe.acrobat.ADotCom/Resource/Sync/Upload/Jq
Source: Reporting and NEL.22.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=6zUX3j1MbdTprOP9saoPUxJO7HAkS00cUOoZeSByQ2Z9vwZlYw5mPm%2F7X
Source: Reporting and NEL.22.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=eaBVLAkni1zPwuiUvTdOCmFgQ9QfTfBNlf9pPr%2FQuS4WQ4oHbsbaikMR2
Source: manifest.json0.21.dr, c596389c-bbec-4329-a09a-f0ad144063e4.tmp.22.dr, 8a887c47-7ff1-4c66-8d44-ea5697258593.tmp.22.dr	String found in binary or memory: https://accounts.google.com
Source: craw_window.js.21.dr	String found in binary or memory: https://accounts.google.com/MergeSession
Source: c596389c-bbec-4329-a09a-f0ad144063e4.tmp.22.dr	String found in binary or memory: https://ajax.googleapis.com
Source: data_1.22.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: AcroRd32.exe, 00000001.00000000.868054592.000000000CC38000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.881040798.000000000CC38000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.854586976.000000000CC38000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.873430385.000000000906E000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.com
Source: AcroRd32.exe, 00000001.00000000.868054592.000000000CC38000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.881040798.000000000CC38000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.854586976.000000000CC38000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.comFamilyN
Source: AcroRd32.exe, 00000001.00000000.873430385.000000000906E000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.comK
Source: AcroRd32.exe, 00000001.00000000.873430385.000000000906E000.00000004.00000001.sdmp	String found in binary or memory: https://api.echosign.comW
Source: manifest.json0.21.dr, c596389c-bbec-4329-a09a-f0ad144063e4.tmp.22.dr, 8a887c47-7ff1-4c66-8d44-ea5697258593.tmp.22.dr	String found in binary or memory: https://apis.google.com
Source: mirroring_common.js.21.dr	String found in binary or memory: https://apis.google.com/js/client.js
Source: mirroring_common.js.21.dr	String found in binary or memory: https://castedumessaging-pa.googleapis.com/v1
Source: data_2.22.dr	String found in binary or memory: https://cdn.glitch.com/d7f4f279-e13b-4330-8422-00b2d9211424%2FGlitch-Error-Rainbow-Mug-hires.png?v=1
Source: data_1.22.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: data_1.22.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.jskf
Source: c596389c-bbec-4329-a09a-f0ad144063e4.tmp.22.dr, 8a887c47-7ff1-4c66-8d44-ea5697258593.tmp.22.dr	String found in binary or memory: https://clients2.google.com
Source: mirroring_hangouts.js.21.dr	String found in binary or memory: https://clients2.google.com/cr/report
Source: manifest.json0.21.dr, manifest.json.21.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: c596389c-bbec-4329-a09a-f0ad144063e4.tmp.22.dr, 8a887c47-7ff1-4c66-8d44-ea5697258593.tmp.22.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: mirroring_hangouts.js.21.dr	String found in binary or memory: https://clients6.google.com
Source: data_2.22.dr	String found in binary or memory: https://cloud.webtype.com/css/3a8e55c6-b1f3-4659-99eb-125ae72bd084.css
Source: data_1.22.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: data_1.22.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js&
Source: data_1.22.dr	String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: c596389c-bbec-4329-a09a-f0ad144063e4.tmp.22.dr	String found in binary or memory: https://content-autofill.googleapis.com
Source: data_1.22.dr	String found in binary or memory: https://content-autofill.googleapis.com/v1/pages/Chc2LjEuMTcxNS4xNDQyL2VuIChHR0xMKRIfCSr7J0iEC-WnEgk
Source: manifest.json0.21.dr	String found in binary or memory: https://content.googleapis.com
Source: common.js.21.dr, mirroring_cast_streaming.js.21.dr	String found in binary or memory: https://crash.corp.google.com/samples?reportid=&q=
Source: mirroring_hangouts.js.21.dr	String found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
Source: data_3.22.dr	String found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushers
Source: data_3.22.dr	String found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushersCross-Origin-Opener-Policy:
Source: data_3.22.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers
Source: c596389c-bbec-4329-a09a-f0ad144063e4.tmp.22.dr, 0c8dca69-2ac9-473d-9d4b-1b60d291aa95.tmp.22.dr, 8e953aa0-d90c-473b-ad17-0f636d0729ab.tmp.22.dr, 8a887c47-7ff1-4c66-8d44-ea5697258593.tmp.22.dr	String found in binary or memory: https://dns.google
Source: mirroring_common.js.21.dr	String found in binary or memory: https://docs.google.com
Source: data_1.22.dr	String found in binary or memory: https://earthy-unruly-shroud.glitch.me/css/hover.css
Source: data_1.22.dr	String found in binary or memory: https://earthy-unruly-shroud.glitch.me/css/hover.css/
Source: data_1.22.dr	String found in binary or memory: https://earthy-unruly-shroud.glitch.me/favicon.ico
Source: data_1.22.dr	String found in binary or memory: https://earthy-unruly-shroud.glitch.me/favicon.icoChIKBw2DqFs9GgAKBw3OQUx6GgA=D
Source: Current Session.21.dr, History.21.dr, data_1.22.dr	String found in binary or memory: https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.html
Source: History Provider Cache.21.dr	String found in binary or memory: https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.html2
Source: data_1.22.dr	String found in binary or memory: https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.htmlM
Source: History.21.dr	String found in binary or memory: https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.htmlShare
Source: manifest.json0.21.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: c596389c-bbec-4329-a09a-f0ad144063e4.tmp.22.dr, 8a887c47-7ff1-4c66-8d44-ea5697258593.tmp.22.dr	String found in binary or memory: https://fonts.googleapis.com
Source: data_1.22.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Yellowtail&display=swap
Source: manifest.json0.21.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: data_3.22.dr, 8a887c47-7ff1-4c66-8d44-ea5697258593.tmp.22.dr	String found in binary or memory: https://fonts.gstatic.com
Source: data_1.22.dr	String found in binary or memory: https://fonts.gstatic.com/s/yellowtail/v11/OZpGg_pnoDtINPfRIlLohlvHwQ.woff2)
Source: manifest.json0.21.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: angular.js.21.dr, material_css_min.css.21.dr	String found in binary or memory: https://github.com/angular/material
Source: craw_background.js.21.dr, craw_window.js.21.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: mirroring_hangouts.js.21.dr	String found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
Source: data_2.22.dr	String found in binary or memory: https://glitch.com
Source: mirroring_hangouts.js.21.dr	String found in binary or memory: https://hangouts.clients6.google.com
Source: manifest.json0.21.dr	String found in binary or memory: https://hangouts.google.com/
Source: mirroring_hangouts.js.21.dr	String found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
Source: data_1.22.dr	String found in binary or memory: https://i.ibb.co/1Rvzzk8/gmail1.png
Source: AcroRd32.exe, 00000001.00000000.885715185.0000000009095000.00000004.00000001.sdmp	String found in binary or memory: https://ims-na1.adobelogin.com
Source: data_3.22.dr	String found in binary or memory: https://ka-f.fontawesome.com
Source: data_1.22.dr	String found in binary or memory: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251
Source: data_1.22.dr	String found in binary or memory: https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251
Source: data_3.22.dr	String found in binary or memory: https://kit.fontawesome.com
Source: data_1.22.dr	String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: data_1.22.dr	String found in binary or memory: https://kit.fontawesome.com/585b051251.jsa
Source: data_1.22.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: data_1.22.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: mirroring_common.js.21.dr	String found in binary or memory: https://meet.google.com
Source: mirroring_hangouts.js.21.dr	String found in binary or memory: https://meetings.clients6.google.com
Source: mirroring_common.js.21.dr	String found in binary or memory: https://networktraversal.googleapis.com/v1alpha
Source: c596389c-bbec-4329-a09a-f0ad144063e4.tmp.22.dr, 8a887c47-7ff1-4c66-8d44-ea5697258593.tmp.22.dr	String found in binary or memory: https://ogs.google.com
Source: manifest.json.21.dr, craw_window.js.21.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: c596389c-bbec-4329-a09a-f0ad144063e4.tmp.22.dr, 8a887c47-7ff1-4c66-8d44-ea5697258593.tmp.22.dr	String found in binary or memory: https://play.google.com
Source: mirroring_hangouts.js.21.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: mirroring_hangouts.js.21.dr	String found in binary or memory: https://preprod-hangouts-googleapis.sandbox.google.com
Source: 8a887c47-7ff1-4c66-8d44-ea5697258593.tmp.22.dr	String found in binary or memory: https://r5---sn-h0jeln7l.gvt1.com
Source: c596389c-bbec-4329-a09a-f0ad144063e4.tmp.22.dr, 8a887c47-7ff1-4c66-8d44-ea5697258593.tmp.22.dr	String found in binary or memory: https://redirector.gvt1.com
Source: manifest.json.21.dr, craw_window.js.21.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: c596389c-bbec-4329-a09a-f0ad144063e4.tmp.22.dr, 8a887c47-7ff1-4c66-8d44-ea5697258593.tmp.22.dr	String found in binary or memory: https://ssl.gstatic.com
Source: messages.json18.21.dr, messages.json86.21.dr, messages.json15.21.dr, messages.json26.21.dr, messages.json84.21.dr, messages.json11.21.dr, messages.json87.21.dr, messages.json22.21.dr, messages.json9.21.dr, feedback.html.21.dr, messages.json25.21.dr, messages.json16.21.dr, messages.json24.21.dr, messages.json0.21.dr, messages.json5.21.dr, messages.json76.21.dr, messages.json74.21.dr, messages.json79.21.dr, messages.json75.21.dr, messages.json21.21.dr, messages.json3.21.dr, messages.json23.21.dr, messages.json20.21.dr, messages.json12.21.dr, messages.json72.21.dr, messages.json83.21.dr, messages.json69.21.dr, messages.json8.21.dr, messages.json73.21.dr, messages.json82.21.dr, messages.json19.21.dr, messages.json14.21.dr, messages.json77.21.dr, messages.json71.21.dr, messages.json13.21.dr, messages.json80.21.dr, messages.json6.21.dr, messages.json10.21.dr, messages.json88.21.dr, messages.json.21.dr, messages.json17.21.dr, messages.json28.21.dr, messages.json81.21.dr, messages.json7.21.dr, messages.json85.21.dr, messages.json27.21.dr, messages.json4.21.dr, messages.json70.21.dr, messages.json78.21.dr, messages.json2.21.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json18.21.dr, messages.json86.21.dr, messages.json15.21.dr, messages.json26.21.dr, messages.json84.21.dr, messages.json11.21.dr, messages.json87.21.dr, messages.json22.21.dr, messages.json9.21.dr, feedback.html.21.dr, messages.json25.21.dr, messages.json16.21.dr, messages.json24.21.dr, messages.json0.21.dr, messages.json5.21.dr, messages.json76.21.dr, messages.json74.21.dr, messages.json79.21.dr, messages.json75.21.dr, messages.json21.21.dr, messages.json3.21.dr, messages.json23.21.dr, messages.json20.21.dr, messages.json12.21.dr, messages.json72.21.dr, messages.json83.21.dr, messages.json69.21.dr, messages.json8.21.dr, messages.json73.21.dr, messages.json82.21.dr, messages.json19.21.dr, messages.json14.21.dr, messages.json77.21.dr, messages.json71.21.dr, messages.json13.21.dr, messages.json80.21.dr, messages.json6.21.dr, messages.json10.21.dr, messages.json88.21.dr, messages.json.21.dr, messages.json17.21.dr, messages.json28.21.dr, messages.json81.21.dr, messages.json7.21.dr, messages.json85.21.dr, messages.json27.21.dr, messages.json4.21.dr, messages.json70.21.dr, messages.json78.21.dr, messages.json2.21.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: craw_background.js.21.dr, craw_window.js.21.dr	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: manifest.json0.21.dr, c596389c-bbec-4329-a09a-f0ad144063e4.tmp.22.dr, 8a887c47-7ff1-4c66-8d44-ea5697258593.tmp.22.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.21.dr	String found in binary or memory: https://www.google.com/
Source: craw_window.js.21.dr	String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.21.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.21.dr	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.21.dr	String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.21.dr	String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: mirroring_hangouts.js.21.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: feedback_script.js.21.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: manifest.json0.21.dr	String found in binary or memory: https://www.google.com;
Source: craw_background.js.21.dr, c596389c-bbec-4329-a09a-f0ad144063e4.tmp.22.dr, craw_window.js.21.dr, 8a887c47-7ff1-4c66-8d44-ea5697258593.tmp.22.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.21.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.21.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.21.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.21.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.21.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.21.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.21.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.21.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.21.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.21.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.21.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.21.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.21.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: mirroring_common.js.21.dr	String found in binary or memory: https://www.googleapis.com/calendar/v3
Source: mirroring_common.js.21.dr	String found in binary or memory: https://www.googleapis.com/hangouts/v1
Source: c596389c-bbec-4329-a09a-f0ad144063e4.tmp.22.dr, 8a887c47-7ff1-4c66-8d44-ea5697258593.tmp.22.dr	String found in binary or memory: https://www.gstatic.com
Source: common.js.21.dr	String found in binary or memory: https://www.gstatic.com/hangouts_echo_detector/release/%
Source: manifest.json0.21.dr	String found in binary or memory: https://www.gstatic.com;

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8

Source: unknown

DNS traffic detected: queries for: glitch.me

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ikowthlodisgoods.html HTTP/1.1Host: earthy-unruly-shroud.glitch.meConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /css/hover.css HTTP/1.1Host: earthy-unruly-shroud.glitch.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://earthy-unruly-shroud.glitch.meUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://earthy-unruly-shroud.glitch.meUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveOrigin: https://earthy-unruly-shroud.glitch.meUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /1Rvzzk8/gmail1.png HTTP/1.1Host: i.ibb.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /css/hover.css HTTP/1.1Host: earthy-unruly-shroud.glitch.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: earthy-unruly-shroud.glitch.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8

System Summary:

Found potential malicious PDF (bad image similarity)

Source: New PO 78564.pdf

Static PDF information: Image stream: 9

Source: unknown	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\user\Desktop\New PO 78564.pdf
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer /prefetch:1 "C:\Users\user\Desktop\New PO 78564.pdf
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1700,5061237570470507330,1302540807075552552,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=10647192645561366624 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10647192645561366624 --renderer-client-id=2 --mojo-platform-channel-handle=1716 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1700,5061237570470507330,1302540807075552552,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=3375098944914061431 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1700,5061237570470507330,1302540807075552552,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=7153951524109278611 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7153951524109278611 --renderer-client-id=4 --mojo-platform-channel-handle=1840 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1700,5061237570470507330,1302540807075552552,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=13048974976482622221 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13048974976482622221 --renderer-client-id=5 --mojo-platform-channel-handle=2104 --allow-no-sandbox-job /prefetch:1
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation -- "https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1520,6196045898229528868,2002575593491885482,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1920 /prefetch:8
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer /prefetch:1 "C:\Users\user\Desktop\New PO 78564.pdf	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation -- "https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.html	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1700,5061237570470507330,1302540807075552552,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=10647192645561366624 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=10647192645561366624 --renderer-client-id=2 --mojo-platform-channel-handle=1716 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --field-trial-handle=1700,5061237570470507330,1302540807075552552,131072 --disable-features=VizDisplayCompositor --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --lang=en-US --gpu-preferences=KAAAAAAAAACAAwABAQAAAAAAAAAAAGAAAAAAAAEAAAAIAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAFAAAAEAAAAAAAAAAAAAAABgAAABAAAAAAAAAAAQAAAAUAAAAQAAAAAAAAAAEAAAAGAAAA --use-gl=swiftshader-webgl --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --service-request-channel-token=3375098944914061431 --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1700,5061237570470507330,1302540807075552552,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=7153951524109278611 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=7153951524109278611 --renderer-client-id=4 --mojo-platform-channel-handle=1840 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process created: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --touch-events=enabled --field-trial-handle=1700,5061237570470507330,1302540807075552552,131072 --disable-features=VizDisplayCompositor --disable-gpu-compositing --service-pipe-token=13048974976482622221 --lang=en-US --disable-pack-loading --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.12.20035 Chrome/80.0.0.0" --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13048974976482622221 --renderer-client-id=5 --mojo-platform-channel-handle=2104 --allow-no-sandbox-job /prefetch:1	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1520,6196045898229528868,2002575593491885482,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1920 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons

Jump to behavior

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File created: C:\Users\user\AppData\Local\Temp\acrord32_sbx\A9Rmiqugx_184tvt1_4is.tmp

Jump to behavior

Source: classification engine

Classification label: mal76.phis.winPDF@44/292@12/11

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: AcroRd32.exe, 00000001.00000000.864201270.000000000B04F000.00000004.00000001.sdmp

Binary or memory string: SELECT COUNT(*) FROM sqlite_master WHERE type = 'table' AND ( name = 'IPMMessage' OR name ='GlobalState' OR name ='MsgAssetMap' OR name ='MessageProperties' OR name ='ControlMessages');

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

File opened: C:\Windows\SysWOW64\Msftedit.dll

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: New PO 78564.pdf	Initial sample: PDF keyword /JS count = 0
Source: New PO 78564.pdf	Initial sample: PDF keyword /JavaScript count = 0

Source: New PO 78564.pdf

Initial sample: PDF keyword endstream count = 439

Source: New PO 78564.pdf

Initial sample: PDF keyword /EmbeddedFile count = 0

Source: New PO 78564.pdf

Initial sample: PDF keyword endobj count = 444

Source: New PO 78564.pdf

Initial sample: PDF keyword stream count = 439

Source: New PO 78564.pdf

Initial sample: PDF keyword obj count = 444

Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: AcroRd32.exe, 00000001.00000000.867872530.000000000CAF5000.00000004.00000001.sdmp, AcroRd32.exe, 00000001.00000000.880890711.000000000CAF5000.00000004.00000001.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: AcroRd32.exe, 00000001.00000000.884903989.0000000005670000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.859148826.0000000005670000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.844454636.0000000005670000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.872269329.0000000005670000.00000002.00020000.sdmp	Binary or memory string: Program Manager
Source: AcroRd32.exe, 00000001.00000000.884903989.0000000005670000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.859148826.0000000005670000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.844454636.0000000005670000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.872269329.0000000005670000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: AcroRd32.exe, 00000001.00000000.884903989.0000000005670000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.859148826.0000000005670000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.844454636.0000000005670000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.872269329.0000000005670000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: AcroRd32.exe, 00000001.00000000.884903989.0000000005670000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.859148826.0000000005670000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.844454636.0000000005670000.00000002.00020000.sdmp, AcroRd32.exe, 00000001.00000000.872269329.0000000005670000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Domain

Country

Flag

ASN

ASN Name

Malicious

52.44.125.193

earthy-unruly-shroud.glitch.me

United States

14618

AMAZON-AESUS

false

104.18.10.207

maxcdn.bootstrapcdn.com

United States

13335

CLOUDFLARENETUS

false

142.250.186.163

gstaticadssl.l.google.com

United States

15169

GOOGLEUS

false

51.210.32.106

i.ibb.co

France

16276

OVHFR

false

142.250.181.238

clients.l.google.com

United States

15169

GOOGLEUS

false

142.250.181.225

googlehosted.l.googleusercontent.com

United States

15169

GOOGLEUS

false

239.255.255.250

unknown

Reserved

unknown

false

142.250.184.205

accounts.google.com

United States

15169

GOOGLEUS

false

104.16.19.94

cdnjs.cloudflare.com

United States

13335

CLOUDFLARENETUS

false

192.168.2.1

127.0.0.1

Name

Active

gstaticadssl.l.google.com

142.250.186.163

true

accounts.google.com

142.250.184.205

true

cdnjs.cloudflare.com

104.16.19.94

true

earthy-unruly-shroud.glitch.me

52.44.125.193

true

maxcdn.bootstrapcdn.com

104.18.10.207

true

glitch.me

13.224.96.102

true

clients.l.google.com

142.250.181.238

true

googlehosted.l.googleusercontent.com

142.250.181.225

true

i.ibb.co

51.210.32.106

true

clients2.googleusercontent.com

unknown

clients2.google.com

unknown

ka-f.fontawesome.com

unknown

code.jquery.com

unknown

kit.fontawesome.com

unknown

Name

Malicious

Antivirus Detection

Reputation

https://i.ibb.co/1Rvzzk8/gmail1.png

false

high

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js

false

high

https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.html

false

high

https://earthy-unruly-shroud.glitch.me/css/hover.css

false

high

https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1

false

high

https://earthy-unruly-shroud.glitch.me/favicon.ico

false

high

https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx

false

high

https://earthy-unruly-shroud.glitch.me/ikowthlodisgoods.html

false

high

https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard

false

high

https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css

false

high

https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js

false

high

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\05349744be1ad4ad_0	data	E63FF2AE870EB6F50BDD45FF3A66C322	43391A33E9B54EB179CDF41E63FFF1FDB4420280	05D946F3C0A2419A13430DC278D8E9AC675662C71257BB2AC5931C3858F95C54
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0786087c3c360803_0	data	ED88520846F23985FD4CC1EF51434247	7A69F43AECC20A601D9D0B601EEAF7BDC526ECA4	F20DDD93503F0A9B0003692798298E3DE6DA64EBA4DB3F94B4C253F1D3CDF553
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0998db3a32ab3f41_0	data	41149B74942D8C92040CBFE372B6A6A9	C8D61254331200F700BD4A3918E52E61D3D62860	2C10B1B20E7B42CECBA0C9FB14FBA1884AB2BF1730D0492417A96A9A181025B9
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0ace9ee3d914a5c0_0	data	960DC78127FE25E9485CFC1D1118221B	9C922EA1ABC9A8B01FCF2C4FB3D53562E6CE545E	0DCF25151AA18AD4E98BC45D79C7AAE4A6BD62F4CE3A554AC6F0ED7D8EE24070
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\0f25049d69125b1e_0	data	CE9E643A660F4CD442A4B7BBFD3C50CA	954F5A02E1BAFEF1EEDF016DB4D9A88C79665216	56B36719256EB8A035220E3CFDFED3EC74ABD84936459430D76695F8AA95176F
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\230e5fe3e6f82b2c_0	data	9E7892394929B7D70DF42DE3D9E3154D	530A01944297EB2BB9F4E1E9A03CCD88877FD760	2D74020E6092A3426924A1F750895E2C4D98BCD9DFC8E3106306AA96562E5361
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2798067b152b83c7_0	data	C724CB6BC596496EBE6DC7E801E6A74F	989D7AB71AD293066BBEC894C83EBD83A39B9760	91AC8EF0C225652E5631D64CF7CC6B514D2F81D0CA15908C00F05486D9971A55
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\2a426f11fd8ebe18_0	data	1C729FFE12F74BCAD538A3C30B51A11B	F75595DB6FFD6B8B62EB3F06676D1291BAE4E26E	C974E0D0963D9C3D9ED236EEC659AFBA06C0565DC4A6798378DC540B71B7FB3D
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\3a4ae3940784292a_0	data	5A4D766BCC516B6E54787C8D65B58ED1	6D29F6518DC162038437C45D384A224F6D607C7B	2672E3CAC04CCF4E6356AB866D8881E8F16D7F3F28CCE0947383C6C46AEB3430
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\4a0e94571d979b3c_0	data	978CFD8C6BC7EC87B56C3DD675FB3624	AC7E65774CA785B0BD212DD74B05096B9EB1E78B	861E394F435B0B217947712F14C97C476431EE0A0030088F0DBD84BFB8D07480
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\560e9c8bff5008d8_0	data	F37E0D3B3916F0B71669F1707BD62F1D	13C5E478F1CAED5699E1CD264049D60981702F27	EFDE5AE3CA27B345A5F68C3C4FB55E53150DA2942F885DCC4AB3FACA572EE7E1
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\56c4cd218555ae2b_0	data	D9A5E0EFEB98AEBFC0C9EDD18F87E763	A3A7D13663FA7CCD3DED2B57EA3D4534D733F148	EE3010662869193C5359227C0286F878BCB45A1A907CB208B9C7E8977B83E555
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\6fb6d030c4ebbc21_0	data	B53629181F97F87373E34365D14D7E6F	FCB652F769F4A3B8044C65788543847A08A6EFE1	3AAF951640F84298BD8B5DE33BC90AA3B0FB121162BFFEB0F9E1A17F1C53E4B7
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\7120c35b509b0fae_0	data	4EA081E996E72392335EE43C1AC880EB	A16E31FF10C94A85D9F8B5DCC74EABC8AEBA6E49	3DAC172444C04C81C69E7CC5AA68ED5F0A2D81A81155DF46B1B64A84561F2AAC
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\71febec55d5c75cd_0	data	94D9E06809F858DC1160828B7F4F6C17	343CAB091C667711474C7EB4DCAA0F730FDC63AD	1EF22CEA58A1907780BFC32AC2A92A9EDA4227515BC260D5618468251A07BC80
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\86b8040b7132b608_0	data	38D4C6720A0904029AA919D7EA55775C	72F7E65CDC531B649E45F319837CFA0099A29C7B	AA9BCF6C6CC1D1FDD074720BF33810D4EDC3A7B181775FAB8A5DBDA5B5399109
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c159cc5880890bc_0	data	84DEB93167844F2411FEDBA6C8C8B3A4	05ECFE3B9A1A27270F7E2DB19068628D339F7DAA	729C963833A806F8D93268189888526A44029621B96E93E46CA1A05D6260F2E1
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8c84d92a9dbce3e0_0	data	77FFAAD53AC36BD5EF2DA710113E6603	3E3B58F7D346AC44A3CAA0F94A67449AAA501D9C	8F9F25A4480E2D69EADA618CA1D6044D5B7EA6B6A8948A8F1831702021579A0A
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\8e417e79df3bf0e9_0	data	8997AF1585DE6C2739075238A92AEDD6	A57206E110495C312AF0A704C9AAD849A60D0E9C	48F728C1049A21BAC717DAB7A7F970CEE8147BE0BF54E52BDCE2C5C04E6BA372
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\91cec06bb2836fa5_0	data	3C5BC69D1A247E6C604DC28DE725D4A9	207A2DE8A29D97BF9921E5FA5B813696013093D5	27D3729ED3C3ED6C49ADB84F0394DC89A08DF92D6BF7F78F8C4F9E3EFA77C024
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\927a1596c37ebe5e_0	data	6DE08F1F12D6B806EF3EF3F22049BC33	704813F60CEBB7739E7A780D1D8D50E17281DD21	333FC85F3DD6B1D6D07CBF0B267E4BCB3AF3BA20B1382F88C50C4FE558176A18
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\92c56fa2a6c4d5ba_0	data	2D6A23DD39C52D7744D97840D0588F6B	AE7EC4989C3D5095429F32167A4F734B4E9059EF	CE905A3D9FE9666C883F9B2BEE16D457B3606A0208E4309CB2747466F8831457
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\946896ee27df7947_0	data	A04268D527D4D3C55C75CC8B885F4074	A91D21E6814C4EB70958F9023721BA203C665BC4	AC7A8BD27038C5793299C67BCE4789BB3E1548346420605993BC55C18C7EFB6A
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\983b7a3da8f39a46_0	data	A460BD943791856A6E4412FF94E1C45C	B52C588AB6F80CDCFF72B1E41645E1CD818CF581	8AFD04FF3CB4F6E8CF46DEDB2F0F2FB47957578865CED15A65593EFF093E6B8C
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\aba6710fde0876af_0	data	E870F2E50F37C573CF455B5FFA15532D	72D800ED673F8DFCE647A53567B5D6C49EC03B7B	B8C22CE1F0D919A2EA805E55CF9B22A790288AF2EECC839813DE00863C566708
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\b6d5deb4812ac6e9_0	data	E700DEC079EC4E0D1A4A0FB8FEE7AD80	1CC27101F71ED05367BB67C3D46A9F8BB1B008C4	250DE543CA64261AA103F0A3E49A1F9B287091A7AC220CDFA99CBB422DD6BEED
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bba29d2e6197e2f4_0	data	BFBB308DF001E011B136B92265F34DED	DD5D5253809ED9E608F499C989226AC6E230773C	5D73FAD6FFDD877C611E79D338884219413E032FF6D198499B1C15E5733DD628
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\bf0ac66ae1eb4a7f_0	data	6C492EABEC4100604A78C3BF7371CE51	47EC859E6DC0F326679A4BFE892BEDA33D0E2C75	A6A783D12170FC697F66D69D53699283A01C5D747C2B4325E20175F860858417
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\cf3e34002cde7e9c_0	data	9A2FD61F25EFDF3FE908BC23FDBC840E	A1B57CFB77D6807E927D215E4E1C5B1AFB5F20A0	2145E07D3749FE2829CCC9D28812E7EB96CA4AF15091A29EAC3C76C4845AF1F9
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d449e58cb15daaf1_0	data	9E9DE0A953BFC3BA7DC5AB709EB58603	335CA24A74444057C1547D599481E2CC3740F57A	0A31B7F977E8A4425BF75207132A0AA59CDA6FF5AE54ECF449525CF96F07F096
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\d88192ac53852604_0	data	6FA92D483DFE239121904E45D6848E4C	570C5273730DE47442A477CEF649A263A1E56094	C75046A8CD33130834D0152DEC630D5FDF83326DB43BD03B1BA81A3C31729BE1
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\de789e80edd740d6_0	data	5D3D0D0124A0DED534AB0076DC9934C5	CE254E2EA0601180F30D5398F304FC49F07A0729	799352BE8E7FDEE279B3FBED047D5A8BAE9499269151B19EDD2DF3E81F1DB293
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f0cf6dfa8a1afa3d_0	data	9F3769D94E5B01C54D6EE639706DD0AE	0A679E9D0A116ADA8B0CE8C6E793D88774913C31	83BF177AE1E5D7D095027FA031C8096783B4B96A7526D986FAA3203DFEA4A10F
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f4a0d4ca2f3b95da_0	data	0A1B9A03B6CE2393AC25A982CD953FB1	F841A133CDFFE6DCE04795E825A2A746A84C3023	B227FD082EE7B88B257105D2474F11A567AE4C1DABC6957627DBCE366506C9D1
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f941376b2efdd6e6_0	data	31F118EB0F47E78B1D646122B98CF595	2E48C0C2B4FAC222AB4D4012E2B51C6C2D2ADAC1	E0841544C582ED1E521EB096748891DA8C08928028311181DE6B2AEEDC65FA9A
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\f971b7eda7fa05c3_0	data	19289E115F9A86C74EB75CA83D1A9375	E013B6363A7300D04EC48757B7E5F18CDB349982	1EAD4503F304BEED17692957BE2B9F4E62B368CB9575B61DBBFDC366F1074014
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fd17b2d8331c91e8_0	data	8A9B7DBE6E04F3392CBB423E8D64BDD1	7189198289D7A58B040B1F2CCF9964643A2DDDDC	28C42E39A19A334F7A71445C22B5A24F137B917356E7D0160D658743A4B88E3C
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\fdd733564de6fbcb_0	data	4206461FB5B8D2FF5FF62840958D2A0B	DEC9B95758AC252CD276DEC9A16C3D991DE0D681	F2895E02700313DFE06AF9628220D62B719EB6A37ED637DA017C455F63C16FD3
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\febb41df4ea2b63a_0	data	7719EF52180B79B1F2DAF7E4D7B96A9B	9FFE08A8F7D0FF5E10E4AB57DB9BC136977122C3	96E84B620CA4D5E6CDC7D681A4DF0C56423A1F6E5E5EF9063513F55344501D36
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\temp-index	Maple help database	077C9480D5E7E49540158D8ED25976C0	62172F78CF322FDCE3684B602E092CDEC8F09711	75EE03FF81CF33ACB8776C9F7F236A7F9081D7E33A1F039C22B6B7397E40D274
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Code Cache\js\index-dir\the-real-index (copy)	Maple help database	077C9480D5E7E49540158D8ED25976C0	62172F78CF322FDCE3684B602E092CDEC8F09711	75EE03FF81CF33ACB8776C9F7F236A7F9081D7E33A1F039C22B6B7397E40D274
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG	ASCII text	39A7AB90A19BD4FE2F34F7A5722767F8	FE220E0D891B8BF43B990B7AE43DC832A5D03CAB	2A14E363C6F19078B49EDC207F0740181956DEACD1E80DE9EF608E84773A4790
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)	ASCII text	39A7AB90A19BD4FE2F34F7A5722767F8	FE220E0D891B8BF43B990B7AE43DC832A5D03CAB	2A14E363C6F19078B49EDC207F0740181956DEACD1E80DE9EF608E84773A4790
C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links	data	0A339004BCB425813505AE2871E61E20	9BDA040B5589E1B919A259DB212F4CE8E32AAA8F	46828E139BE167C9E36B556EB137571DE93A29930C366CE0666B1385BC106517
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-220114132921Z-193.bmp	PC bitmap, Windows 3.x format, 152 x -152 x 32	AEFEF517BB1F3D62C238D09E5CA7F5A5	ED37E176782F5CF309E26AACF57051210B14A384	CDA32A03F9256007D2B06DCEB07BA73BDCC16B4463A664A5BF3D2228E8BD13AF
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages	SQLite 3.x database, last written using SQLite version 3024000	1309DB263AEC73166B80F01750327910	85312AC427DCBAD1FDD0D6CC8DD9C9AC36EB14EA	AF9074BA599A19F5AE94BEB309B8C8AE1ADDFE8BA40BB948B765D0A40DB25B9F
C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal	SQLite Rollback Journal	7B3920981DF132895CDB8F935E25FB35	E46507CFDFDEE3DA3CD672690D178CE9E12B3623	9ABE5D8554E4A34F5E035D0C0670C5763E498D81D4F95A44860487C6122926CC
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeCMapFnt19.lst (copy)	PostScript document text	4D5E3CD969F14362210F0473720C5528	AFD90E9888759B809F78E87D5550B601A288A0A3	79D95D01FDE7FC7C890CD62734A7F203B12A5D44A56D6009D0E43E40D99682AE
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt16.lst.5860	PostScript document text	4D5E3CD969F14362210F0473720C5528	AFD90E9888759B809F78E87D5550B601A288A0A3	79D95D01FDE7FC7C890CD62734A7F203B12A5D44A56D6009D0E43E40D99682AE
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst (copy)	PostScript document text	4D5E3CD969F14362210F0473720C5528	AFD90E9888759B809F78E87D5550B601A288A0A3	79D95D01FDE7FC7C890CD62734A7F203B12A5D44A56D6009D0E43E40D99682AE
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AcroFnt19.lst (copy)	PostScript document text	63B24EA3A13EAC476D6309BB202EF459	89502C393549C20C933E4553F51F74F3DBE085EF	2B4BE0BED267BBD4E4FFFC912A6C7ED6A8D4735DCF9B69FF90F37CDDEF4110EA
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\AdobeFnt16.lst.5860	PostScript document text	63B24EA3A13EAC476D6309BB202EF459	89502C393549C20C933E4553F51F74F3DBE085EF	2B4BE0BED267BBD4E4FFFC912A6C7ED6A8D4735DCF9B69FF90F37CDDEF4110EA
C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache.bin	data	0EB969D8CF50BFA2952F52C4C668F6A8	7CB09CD865FB248F544C500E55572AB1A9CF7B66	73C6F18A3E066B05090271CB1F32521FEEEE7C6CB350819DB2E859EB7C92BD2C
C:\Users\user\AppData\Local\Google\Chrome\User Data\43378467-9ab4-482f-a213-60dfa41f7910.tmp	ASCII text, with very long lines, with no line terminators	6790A6B0EFDDDE7FF0E18271F9B2E9E1	E2D2675A875B1FDA11DAE964376D93580667E01A	BCC9A9F3A1B3FF1C26E43D320F317B084F480B390EDEE0433F8466975176281D
C:\Users\user\AppData\Local\Google\Chrome\User Data\4fed042f-d7f2-4da4-b774-66b5c23256e5.tmp	ASCII text, with very long lines, with no line terminators	D2373B7107B1C915D6A32D701FD59BC6	FED1B726BCEF4F67A05E7BDC164E3E055C896ED8	5567856E1ABB77898172C1DA679EAF64169AF0A3A02C6417AD922D13FE12B09D
C:\Users\user\AppData\Local\Google\Chrome\User Data\6a817ab3-80d2-4ef6-9107-b88d74f3141e.tmp	data	9D65EB0406119F813A408A2C4226AF28	0CEDDDA05E4F1DFF0B5D050B0B67989E69C02F8F	CFDD97F26D1384662C0356C008BADBB419AD0AC79FDE8AA0E1D003DA9BDB8C3D
C:\Users\user\AppData\Local\Google\Chrome\User Data\7749c35a-a2b1-4dfb-9549-f6d4e376aec3.tmp	ASCII text, with very long lines, with no line terminators	6790A6B0EFDDDE7FF0E18271F9B2E9E1	E2D2675A875B1FDA11DAE964376D93580667E01A	BCC9A9F3A1B3FF1C26E43D320F317B084F480B390EDEE0433F8466975176281D
C:\Users\user\AppData\Local\Google\Chrome\User Data\8f0330fa-201f-44c0-a57f-87d2c2a3078d.tmp	data	5C3F94EB7CFC60B568B7ED70ED1AD9FE	FA2D058F50F4CBEB315E1E55A156BD6640EBE00D	77D0099F9956B21C8D999DDFC8AB5EED9498180658875D9C561438360BB5D9AC
C:\Users\user\AppData\Local\Google\Chrome\User Data\8f46e80a-9e0c-4117-ad57-d53191fdb3de.tmp	ASCII text, with very long lines, with no line terminators	D2373B7107B1C915D6A32D701FD59BC6	FED1B726BCEF4F67A05E7BDC164E3E055C896ED8	5567856E1ABB77898172C1DA679EAF64169AF0A3A02C6417AD922D13FE12B09D
C:\Users\user\AppData\Local\Google\Chrome\User Data\93b53b7e-15c9-48a9-986d-4b38d48db416.tmp	SysEx File -	FA4EE73BDA2D1554CA71A4D0AAF398BE	75D3CC31992D17A6B1E5F306F23DAAAFB5CD456F	83BE20B622B2A72087B7CE3675157E82EA738F164F6C2654D9EB20EC592F1CB9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	data	7AE9008C2AA5ED3E5ED52743E082F5BF	CD90099842F51474494BFC490433578A89C1B539	94E7D9BF431A0E3F0FD02F0FBA7321F43DD8B523E3D32092AFC474D3FD5ABF62
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\120f20e8-107e-4bd8-a5a7-2c006d3d8548.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	27DE8B5641F33B172F40B087275EBC01	3A460FF4F0975E1B99D55DBDE5FAED1CD8D0ABC8	C70425993ABD2F25871C7F9CD2AFEA6E3447232C27CB5084FEF241BBA9949DC8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4c826a51-53b2-41ed-9020-b6b3891ac6e2.tmp	ASCII text, with very long lines, with no line terminators	B49890579D0EE4468E4FB4F5D33349C5	C87FB3850B6DECBC32E2EF6834FFF3F47A91E12B	0FABE81EF2FFAA448F561FA9176B8E68ECEA2A0B23E1815E2D4998AAA8C7DB93
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\4f505aec-3de1-4480-b2f4-90deb1dab647.tmp	ASCII text, with very long lines, with no line terminators	703ADAD6CAEE2A487E9429F2333CECC0	F94AF652FA6E747EEE4B5D82208714F2EBAC6CA0	988B0B70E08579B0EFCEB0164DFEC7419AFD59AD85383E685A079ADB7613C98F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\52049367-4d96-4f51-991f-600266388349.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	18759954531BBE3A12E5B8DDDF7904ED	C70E4CC5C0562D27D49E12A41E610A9B5A4A2EE8	381126703ABED2A7EA7E6658F22254645A7397132A8D4284406460A00408A69F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6bef7766-78c9-47e1-88ae-bd5f7c1fa23a.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	01E19CC0B631DDCF6BED49C69FCB5F5D	29695BF781D0E4AD32C5162FB156C57CAC2A19BF	C3C5B91E83CC6DB7B48BF7B344F156514E0C5D3A192599E1276BB23EA3A2FDC9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\844fff87-9d67-4728-978b-91f1e121a8f5.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\8a887c47-7ff1-4c66-8d44-ea5697258593.tmp	ASCII text, with very long lines, with no line terminators	494384A177157C36E9017D1FFB39F0BF	CE5D9754A70CD84CEE77C9180DB92C69715BE105	07CF0A5189FAD30A4AA721F4F6DA1B15100991115833EACFA1E2DC84A1B54337
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\9bf5b333-1da0-46fb-b01e-66dc6953d045.tmp	ASCII text, with very long lines, with no line terminators	7B89B2C2F3D9E24CFDBD83E496E51806	6FDBA47AE32AB0C20F67B859458C8C991B6F2A1B	110C3DCEF974330766C3A90A6856B1C286D3FDFE915FB25AFA74A40D9A12A5F3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG	ASCII text	A4B1FABDC168ED3415B8392B3CA18F72	0ED028C76FB1684BAC88352659BF1482374B164A	880A0039C7737C31B074BCEDA03B87EBAAADD8C99A7C59CE61236F9B53E3B37B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old (copy)	ASCII text	A4B1FABDC168ED3415B8392B3CA18F72	0ED028C76FB1684BAC88352659BF1482374B164A	880A0039C7737C31B074BCEDA03B87EBAAADD8C99A7C59CE61236F9B53E3B37B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG	ASCII text	F3F1F7B7E16FF4C5658B25E4E67E2E48	698A4FAE50F86C7E9FFC0FFF3D066B4B6E9CAC87	13A320924A5A8281DF3A6669E91D738125DE087F67D9AE2F030BA886D89A5BCA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old. (copy)	ASCII text	F3F1F7B7E16FF4C5658B25E4E67E2E48	698A4FAE50F86C7E9FFC0FFF3D066B4B6E9CAC87	13A320924A5A8281DF3A6669E91D738125DE087F67D9AE2F030BA886D89A5BCA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0	data	F56178662C8EE8568F726FBCC3124FAF	BD01161C606488B3F2839BAFCDD938FA48A5BE47	CB9AEB4355322FB2D1B854203657B68DD7AF0A5EB765DCAD5B2DE3374656999A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1	data	5B0F1DBAD5F59392B9DFBA404AA0BE45	61CBC0650480C217B71EECEAC93FC1745692BE5C	1CE5DABB0C561E2170258C79EEEBC7D17A6F985B847DCC53DD8567560C94AB25
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2	data	D95172DBB2A6CBD9A405CF884D2BDA32	5BAA479FD1868BA6D68E426B9EE23DC99A666C0D	1A4ACDA97689125D209B0F1AFD5AB80538DB419A38493A8D5948708AB338494D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3	data	D0F5285ACDDB93F7F5372756C062DCAE	2689D327F1964AD4AE466F962A8D5F6AAC4BC5AB	4429F811E064018B5589C2191CCAC26C89EE9202FC9EBC006236622241B3C5B9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	SQLite 3.x database, last written using SQLite version 3032001	861034A57F72A428F833D9A8C57FDB6C	FE4DE8A11179326A9123EE17DE6A7D05B1068EBB	CD7D1643DE768BAC3214CDBCF0F5FB08C0FA9F4D81E3EF431CF98569E4165494
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session	data	921AD277D37FFC7596164A427F8B40D2	0BCE6A0DA7C69D0088CF01878A92D56B9BDE7FF7	5263B8C2D1D32AD583A49595F449DBB91BEE885D5AF971085F2203663B3B8A0F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs	data	0686D6159557E1162D04C44240103333	053E9DB58E20A67D1E158E407094359BF61D0639	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log	data	4B02663C177BA8EA36FB2E49617CCC05	6E77145135116873842B1BEE6622B116CDA3CBB1	0FD0B4ED1B18A8A1C73736E3C74168C6102092E5AFD431CD36F7F222E578A1C9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG	ASCII text	229CBA856201E41C464FCB7576E806F1	A9AADEE850001E3A407796DF6C5CFFA0FAABB738	74510C307D43AAD5B590FB7BC7FD3ABC7532D6E3A572E946A7F10D3AA4689203
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old (copy)	ASCII text	229CBA856201E41C464FCB7576E806F1	A9AADEE850001E3A407796DF6C5CFFA0FAABB738	74510C307D43AAD5B590FB7BC7FD3ABC7532D6E3A572E946A7F10D3AA4689203
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log	data	531557DF3F473422DD0102A22E51FE15	E2048D9AD1D7E3AC2135A339A6FF91814A473501	FB89F5D2BDE68159700BDE0E306D9E5D5CFF0B0AF733603967D228BB9C286A93
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG	ASCII text	5DD2EE3DF0163D5C3AAC894A49597E9A	89C4B5FF6D8E9C9D400BC8B03BF19037A2579F6E	C0F0970E8A77E8C4964106E5A2C47C05B1E76A766AC562A794CC8FDCCDED35F6
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.oldh (copy)	ASCII text	5DD2EE3DF0163D5C3AAC894A49597E9A	89C4B5FF6D8E9C9D400BC8B03BF19037A2579F6E	C0F0970E8A77E8C4964106E5A2C47C05B1E76A766AC562A794CC8FDCCDED35F6
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json	ASCII text, with very long lines, with no line terminators	90F880064A42B29CCFF51FE5425BF1A3	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json	ASCII text, with very long lines, with no line terminators	6AE2135EA4583C2F06CDEBEA4AE70FA4	DCEB26C7F02D53B5F214305F4C75B4A33A79CDC2	03AA1944CB3C4F39E20B6361571BC45DFBEBD3FFDA3D8F148CC6ECB29958F903
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log	data	51A2CBB807F5085530DEC18E45CB8569	7AD88CD3DE5844C7FC269C4500228A630016AB5B	1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG	ASCII text	F3D0E722259A98FECC07C4D1F4C6D5B8	E5EE96D912BCE2CCF2307F2FA4166711C783ED79	2F8E55F5F8BB238EA39F5844194792656EE613E7F29A98DD78F37611FB5E6A16
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.oldJp (copy)	ASCII text	F3D0E722259A98FECC07C4D1F4C6D5B8	E5EE96D912BCE2CCF2307F2FA4166711C783ED79	2F8E55F5F8BB238EA39F5844194792656EE613E7F29A98DD78F37611FB5E6A16
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG	ASCII text	6787A6FF41592B61DF15A9202AEB1E3A	A38780AD94A9B2B0D0D1F8FE454479CEF852C1C0	F4225B2B8B3EC2475E36F23A446C6E7002D0A5A7DF732784206FD0DA02C11D6E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old (copy)	ASCII text	6787A6FF41592B61DF15A9202AEB1E3A	A38780AD94A9B2B0D0D1F8FE454479CEF852C1C0	F4225B2B8B3EC2475E36F23A446C6E7002D0A5A7DF732784206FD0DA02C11D6E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG	ASCII text	5BFECC56A1A075D4640F51EA19F2B227	FFBD2CABEA2D020C78570FC29E293C6B6833B421	FF1AE2EAF308B8E521F5A8417740F03945D8F49ED7758D254C38B5426CB406F0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.old (copy)	ASCII text	5BFECC56A1A075D4640F51EA19F2B227	FFBD2CABEA2D020C78570FC29E293C6B6833B421	FF1AE2EAF308B8E521F5A8417740F03945D8F49ED7758D254C38B5426CB406F0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	SQLite 3.x database, last written using SQLite version 3032001	1613F03DCA546F5C30B707213F6401FC	7906C75650B1D4581ABC7122088CC3982FD40C9A	37F7DBADA23002542F664256496F560EAD1B53A968321466A82D6742AF8104F6
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache	data	D29D75D02A7D8982C6E38D8D5CBC6B5E	AB93EC82E4D3F71FBADAD4BC4561B8E934EBA70C	6C1A29647A0A4C21ADE21C07399BF5F321C5EC584AE39283C42837C948CB1865
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal	data	3E252814F8C58331D15006EE2F96B2F2	2C1429C1BC242044FB7B46FD938B6B95F97848EB	2C3D712D034ECA0191ED93FD03DE11C55815C66D7DD953CC614A1DE3CE51CAEA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Session.. (copy)	data	921AD277D37FFC7596164A427F8B40D2	0BCE6A0DA7C69D0088CF01878A92D56B9BDE7FF7	5263B8C2D1D32AD583A49595F449DBB91BEE885D5AF971085F2203663B3B8A0F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Tabs (copy)	data	0686D6159557E1162D04C44240103333	053E9DB58E20A67D1E158E407094359BF61D0639	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	data	8ECC841FF45EED70FC70F806960C8C67	3C4AF909E1F8C5668F18E69C24889CB721C37F33	5F8C2B5A56C1B617AE00483D07E4683F4951B15713C0C86A82EBDC7F9AF60AC0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG	ASCII text	E6A562A6D2070CA55123688E51944195	F9AC961D62AA43B4E85BA9111EED1257B5278412	8A599B7BDDBE89CB2C24F2BE35F5B6CF300BA66700532E958B3721033227B6BD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old (copy)	ASCII text	E6A562A6D2070CA55123688E51944195	F9AC961D62AA43B4E85BA9111EED1257B5278412	8A599B7BDDBE89CB2C24F2BE35F5B6CF300BA66700532E958B3721033227B6BD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State. (copy)	ASCII text, with very long lines, with no line terminators	2139A1BB8524D4D150594895D877C668	04D3CC9A2548AD5B35C848F97420DD852A731E2C	2EBF81E2CDD5863963B54F753DA75B99598242AFAD1E702AE13A1ACE360B64B7
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State3} (copy)	ASCII text, with very long lines, with no line terminators	494384A177157C36E9017D1FFB39F0BF	CE5D9754A70CD84CEE77C9180DB92C69715BE105	07CF0A5189FAD30A4AA721F4F6DA1B15100991115833EACFA1E2DC84A1B54337
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG	ASCII text	210FC783DFB35B762915FD47833A9C02	7D5008DBBA090DF9567E563B7E8EDA4DB821352E	D7A664DE18E524439ADF9A46A2D504C8AEE4303DC96AC4C869CCB74B1E69591A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.old (copy)	ASCII text	210FC783DFB35B762915FD47833A9C02	7D5008DBBA090DF9567E563B7E8EDA4DB821352E	D7A664DE18E524439ADF9A46A2D504C8AEE4303DC96AC4C869CCB74B1E69591A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)	ASCII text, with very long lines, with no line terminators	B49890579D0EE4468E4FB4F5D33349C5	C87FB3850B6DECBC32E2EF6834FFF3F47A91E12B	0FABE81EF2FFAA448F561FA9176B8E68ECEA2A0B23E1815E2D4998AAA8C7DB93
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PreferencesMP (copy)	ASCII text, with very long lines, with no line terminators	703ADAD6CAEE2A487E9429F2333CECC0	F94AF652FA6E747EEE4B5D82208714F2EBAC6CA0	988B0B70E08579B0EFCEB0164DFEC7419AFD59AD85383E685A079ADB7613C98F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferencese (copy)	ASCII text, with very long lines, with no line terminators	7B89B2C2F3D9E24CFDBD83E496E51806	6FDBA47AE32AB0C20F67B859458C8C991B6F2A1B	110C3DCEF974330766C3A90A6856B1C286D3FDFE915FB25AFA74A40D9A12A5F3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL	SQLite 3.x database, last written using SQLite version 3032001	AC7FCDFBF32B426FD10D7877EB3644EE	247C07B2E58E4CAEAE2648A2835876358FFCD163	DE6C24ADFED5BF7D2116EEA347C676EA5F1C1DAC0A1F9D77070C047D87C733F0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	57F74A0DCF2656F380B35F232E6BDDD4	6042EC7862D0E65D4DF1A75C52D93AB4491E8C4D	A64AEDAB0F255405AFCB4C1ADE48F5AC6DEB425EA8DFC5403D03C21CDB1644FD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.h (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	0424C554C812F19ED0CE3825B1745F83	76E31512AE8B3D119DDC7B6D4AD521BC9D80439E	4A1B13F3E806544E64D695F1E85C3EC7EE333BE185590C1D7D4E34B3E78C51CF
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesMP (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	18759954531BBE3A12E5B8DDDF7904ED	C70E4CC5C0562D27D49E12A41E610A9B5A4A2EE8	381126703ABED2A7EA7E6658F22254645A7397132A8D4284406460A00408A69F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferencesh (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	01E19CC0B631DDCF6BED49C69FCB5F5D	29695BF781D0E4AD32C5162FB156C57CAC2A19BF	C3C5B91E83CC6DB7B48BF7B344F156514E0C5D3A192599E1276BB23EA3A2FDC9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log	data	B453AF4D9092A27EFD15ADDBD60AA45B	2756622CDAD7E6C3CF420C8CE310D6CF74D69EF4	3B29EF19B6DE76E245373F101D096D66DBBB86090065A09EA401103EA35C0EA5
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG	ASCII text	1269F84E753FAB334E48DCED33D3869C	AFEFCC20055F8325BB3BA31DFB466DAA07E1C9D8	3B22337363B16A680F05F42BFACBA4A2CA2B93BE8916FCFE063B9D44A56BDD41
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old. (copy)	ASCII text	1269F84E753FAB334E48DCED33D3869C	AFEFCC20055F8325BB3BA31DFB466DAA07E1C9D8	3B22337363B16A680F05F42BFACBA4A2CA2B93BE8916FCFE063B9D44A56BDD41
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG	ASCII text	BEDF9C6948DC113F33EE6FB047BDD933	40C1B3A6DCAFFA9619FA98066621E70C77E897F4	51DDD051C1C0733628624EEE24DD0E35B19167329D1A255FC554D5332237AD3E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.oldMP (copy)	ASCII text	BEDF9C6948DC113F33EE6FB047BDD933	40C1B3A6DCAFFA9619FA98066621E70C77E897F4	51DDD051C1C0733628624EEE24DD0E35B19167329D1A255FC554D5332237AD3E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\8e953aa0-d90c-473b-ad17-0f636d0729ab.tmp	ASCII text, with very long lines, with no line terminators	8CA9278965B437DFC789E755E4C61B82	5776B6C90CA1D2DDC765ED673B5E6DC8E167F0D6	A57D9231244C1FBDE58A1BF50CAD3A1E3EA28D042BFA272782B65139446E7C51
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG	ASCII text	A4B3A665910045B4BA2837BEC1769BA7	2160EDCD54B9E4C9F52C4603B89DC7C223795C62	DAEC56C7C781C245B78CBC4B4455FA1C30057FA495B03C656D51A37BF295B3A0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG.old (copy)	ASCII text	A4B3A665910045B4BA2837BEC1769BA7	2160EDCD54B9E4C9F52C4603B89DC7C223795C62	DAEC56C7C781C245B78CBC4B4455FA1C30057FA495B03C656D51A37BF295B3A0
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	8CA9278965B437DFC789E755E4C61B82	5776B6C90CA1D2DDC765ED673B5E6DC8E167F0D6	A57D9231244C1FBDE58A1BF50CAD3A1E3EA28D042BFA272782B65139446E7C51
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG	ASCII text	C4138F4E845987D11E3E2DE67FAD5478	93AE76871CF7254F511C35FA59242E5B2A6F7755	0D272E17120AFA0E2A6EF26C1A8E26BE5A59420E8DBE4346A9BF99B536B79172
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG.old.. (copy)	ASCII text	C4138F4E845987D11E3E2DE67FAD5478	93AE76871CF7254F511C35FA59242E5B2A6F7755	0D272E17120AFA0E2A6EF26C1A8E26BE5A59420E8DBE4346A9BF99B536B79172
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log	data	69449520FD9C139C534E2970342C6BD8	230FE369A09DEF748F8CC23AD70FD19ED8D1B885	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG	ASCII text	250F8677FE8EC1F3B764E44F3B760156	9AE86FEDA117618CEF6D2AFB6A0EAEB17C6995BD	3D5CFDB89144C4C2D59B975BC3679D37465A023D6A73D9876205F5C8AA894A98
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG.olde/ (copy)	ASCII text	250F8677FE8EC1F3B764E44F3B760156	9AE86FEDA117618CEF6D2AFB6A0EAEB17C6995BD	3D5CFDB89144C4C2D59B975BC3679D37465A023D6A73D9876205F5C8AA894A98
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\0c8dca69-2ac9-473d-9d4b-1b60d291aa95.tmp	ASCII text, with very long lines, with no line terminators	B0429187E1BE99DE4D548DC5B2EDEA0A	B3E07BEE5D753BF1B613BD2DE665C7C21E8184F6	D8DABBF936DAB4F17437ECA255020EA847D76D6B789F9486010C95E995CFED03
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG	ASCII text	E76A9DA4EF2102F346AC1F130CDDFAC1	D15E6DC3B58BBBAF38483161A9163E7D5005EA30	01BCC58EA913A257BAE4217E5142631DBF097DA44E052E9719552BA7EC058564
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG.old (copy)	ASCII text	E76A9DA4EF2102F346AC1F130CDDFAC1	D15E6DC3B58BBBAF38483161A9163E7D5005EA30	01BCC58EA913A257BAE4217E5142631DBF097DA44E052E9719552BA7EC058564
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent StateMP (copy)	ASCII text, with very long lines, with no line terminators	B0429187E1BE99DE4D548DC5B2EDEA0A	B3E07BEE5D753BF1B613BD2DE665C7C21E8184F6	D8DABBF936DAB4F17437ECA255020EA847D76D6B789F9486010C95E995CFED03
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG	ASCII text	7FE7F2697AC13366B9A756D769FD16D6	BC74225954559C915D80AEB9A90A2516BEEF6D0E	3E031418735C1473BB4F465CC3474C1BDDA331AD6F65F4C096713D238B1D51FC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG.old.. (copy)	ASCII text	7FE7F2697AC13366B9A756D769FD16D6	BC74225954559C915D80AEB9A90A2516BEEF6D0E	3E031418735C1473BB4F465CC3474C1BDDA331AD6F65F4C096713D238B1D51FC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log	data	69449520FD9C139C534E2970342C6BD8	230FE369A09DEF748F8CC23AD70FD19ED8D1B885	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG	ASCII text	07CEC248548C663798AB44912948F4C1	E6C6D83D91D5F797EC18315C1C74F8A2EF57A30A	8DEA042F7C86D5FCF0F46B2DF2473EA215F221502B4394C5E4CB84B7FC668BCF
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG.olde/ (copy)	ASCII text	07CEC248548C663798AB44912948F4C1	E6C6D83D91D5F797EC18315C1C74F8A2EF57A30A	8DEA042F7C86D5FCF0F46B2DF2473EA215F221502B4394C5E4CB84B7FC668BCF
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log	data	1F7F208858A1F652FA7AE45C3C7510C9	E3B7E0FB73EE579B9E8B6E29F9D9CCD783050A5D	81B396566964F665632A83714FF09AFE24C96E8E5401A588B943D721669DE6F4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG	ASCII text	858E08B13DCF876818D1995B4FA9AFE2	8FB1130CA26309C06D7E93D8D1DBDB9FD2F8024C	97DD8190530C0CB4FCAB5D08A99E036E2750C1EB6A410A9135B80D9857CFAFD3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldg (copy)	ASCII text	858E08B13DCF876818D1995B4FA9AFE2	8FB1130CA26309C06D7E93D8D1DBDB9FD2F8024C	97DD8190530C0CB4FCAB5D08A99E036E2750C1EB6A410A9135B80D9857CFAFD3
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG	ASCII text	64C6664F82754A8EA508A275FEE0924A	EEF5EF81EB1F2FFE4F19E382FC21BF7F609D84C2	27A7046E616A2B89DE8B2FC3961A6DC95625FAA6A6438D0234DEEFE2B5F00340
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.oldn. (copy)	ASCII text	64C6664F82754A8EA508A275FEE0924A	EEF5EF81EB1F2FFE4F19E382FC21BF7F609D84C2	27A7046E616A2B89DE8B2FC3961A6DC95625FAA6A6438D0234DEEFE2B5F00340
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links	data	E4AA5DAC7DB7B14BB6D59FA9F6A92A3A	408368E0C5E5BD5ED693965558E4C194EA8F2B85	4AD795FC457C2F916AF3ECAD3583FA92F80A48B3D0D2EBB48836BD184893CC14
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\c596389c-bbec-4329-a09a-f0ad144063e4.tmp	ASCII text, with very long lines, with no line terminators	2139A1BB8524D4D150594895D877C668	04D3CC9A2548AD5B35C848F97420DD852A731E2C	2EBF81E2CDD5863963B54F753DA75B99598242AFAD1E702AE13A1ACE360B64B7
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\cb855a5c-1902-4cda-9ce7-17be74657dfd.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	0424C554C812F19ED0CE3825B1745F83	76E31512AE8B3D119DDC7B6D4AD521BC9D80439E	4A1B13F3E806544E64D695F1E85C3EC7EE333BE185590C1D7D4E34B3E78C51CF
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\cf0bdccf-23c9-4b74-9687-bf348c17b613.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	57F74A0DCF2656F380B35F232E6BDDD4	6042EC7862D0E65D4DF1A75C52D93AB4491E8C4D	A64AEDAB0F255405AFCB4C1ADE48F5AC6DEB425EA8DFC5403D03C21CDB1644FD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp	ASCII text	6752A1D65B201C13B62EA44016EB221F	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)	ASCII text	6752A1D65B201C13B62EA44016EB221F	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG	ASCII text	F770124DAA936CBC0098852DF28BD615	9986529819A5EF1609EB92ECFBAF931F84AEA654	BD3B3F5F45332C31DC27201C24E01462120FB6017FA54F7C042A294E5165A60C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old. (copy)	ASCII text	F770124DAA936CBC0098852DF28BD615	9986529819A5EF1609EB92ECFBAF931F84AEA654	BD3B3F5F45332C31DC27201C24E01462120FB6017FA54F7C042A294E5165A60C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004	MPEG-4 LOAS	031D6D1E28FE41A9BDCBD8A21DA92DF1	38CEE81CB035A60A23D6E045E5D72116F2A58683	B51BC53F3C43A5B800A723623C4E56A836367D6E2787C57D71184DF5D24151DA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\f6dcef24-ea5d-4234-b988-49fcf1e82d7b.tmp	ASCII text, with very long lines, with no line terminators	703ADAD6CAEE2A487E9429F2333CECC0	F94AF652FA6E747EEE4B5D82208714F2EBAC6CA0	988B0B70E08579B0EFCEB0164DFEC7419AFD59AD85383E685A079ADB7613C98F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG	ASCII text	1BC570DFE1B1EC1F0F9737FD3DDDF2CA	BA1CD46894A95FBCC260073EA6D46707B1F6B9A6	93F3F70C4FDE3A99076C637132A1CBBEA2674224702840678275FBB0D778A893
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.oldol (copy)	ASCII text	1BC570DFE1B1EC1F0F9737FD3DDDF2CA	BA1CD46894A95FBCC260073EA6D46707B1F6B9A6	93F3F70C4FDE3A99076C637132A1CBBEA2674224702840678275FBB0D778A893
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser	data	DE9EF0C5BCC012A3A1131988DEE272D8	FA9CCBDC969AC9E1474FCE773234B28D50951CD8	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version	ASCII text, with no line terminators	C422F72BA41F662A919ED0B70E5C3289	AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632	02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)	ASCII text, with very long lines, with no line terminators	6790A6B0EFDDDE7FF0E18271F9B2E9E1	E2D2675A875B1FDA11DAE964376D93580667E01A	BCC9A9F3A1B3FF1C26E43D320F317B084F480B390EDEE0433F8466975176281D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local Staten (copy)	ASCII text, with very long lines, with no line terminators	2BC6561CCF90FA033B62EDC249FB3D21	704B4D31694DA65833210ED05C2B744840688901	5A91DF3CB926EB6AB512F2F6B16EF3EFA2037011BB0B0E96CD277B232D615F8A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local States} (copy)	ASCII text, with very long lines, with no line terminators	D2373B7107B1C915D6A32D701FD59BC6	FED1B726BCEF4F67A05E7BDC164E3E055C896ED8	5567856E1ABB77898172C1DA679EAF64169AF0A3A02C6417AD922D13FE12B09D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)	data	5C3F94EB7CFC60B568B7ED70ED1AD9FE	FA2D058F50F4CBEB315E1E55A156BD6640EBE00D	77D0099F9956B21C8D999DDFC8AB5EED9498180658875D9C561438360BB5D9AC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cachep (copy)	SysEx File -	FA4EE73BDA2D1554CA71A4D0AAF398BE	75D3CC31992D17A6B1E5F306F23DAAAFB5CD456F	83BE20B622B2A72087B7CE3675157E82EA738F164F6C2654D9EB20EC592F1CB9
C:\Users\user\AppData\Local\Google\Chrome\User Data\f52d2d8d-74d2-411b-87bb-6a10a081784b.tmp	ASCII text, with very long lines, with no line terminators	2BC6561CCF90FA033B62EDC249FB3D21	704B4D31694DA65833210ED05C2B744840688901	5A91DF3CB926EB6AB512F2F6B16EF3EFA2037011BB0B0E96CD277B232D615F8A
C:\Users\user\AppData\Local\Temp\14a5babe-e5cb-4966-b3bc-406d363192b9.tmp	Google Chrome extension, version 3	A11D5CAF6BF849AEB84B0C95B1C3B7CF	27F410CCBD75852C01C7464A1FD7EF8C29BE3916	D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
C:\Users\user\AppData\Local\Temp\23c31763-6182-4231-9faf-55576bbba878.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\b448837d-4a72-41aa-b408-98d7de8e589a.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\AppData\Local\Temp\e64c3e8e-57ca-4bae-b7a9-62ea8f58e356.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\14a5babe-e5cb-4966-b3bc-406d363192b9.tmp	Google Chrome extension, version 3	A11D5CAF6BF849AEB84B0C95B1C3B7CF	27F410CCBD75852C01C7464A1FD7EF8C29BE3916	D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\am\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	26330929DF0ED4E86F06C00C03F07CE3	478F3B7E7A7E007BEE182B89C2EF6FFE6045E92C	621B5139ED199022BB6529AF18ED4DC312AE9F3E90ECAF3B2C9E1D12114F5B22
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\ar\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	44325A88063573A4C77F6EF943B0FC3E	78908D766F3E7A0E4545E7BD823C8ED47C7164EB	67A439A08804EF4BEF261BDBADD8F0FEFD51729167D01EDCA99DD4AF57D6108B
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	6911CE87E8C47223F33BEF9488272E40	980398F076BB7D451B18D7FDE2DE09041B1F55AD	273DEF0F67F0FA080802B85EF6F334DE50A19408F46BDF41F0F099B1F5501EEA
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\bn\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	F9DDF525C07251282A3BFFCEE9A09ABB	A343A078E804AF400A8F3E1891E3390DA754A5CD	C69C6C90F7EB8F10685CD815AF1F6F1B87CF30C4E8D95DF1D577DE1105AAD227
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	A90CF7930E7C3BEC61EE252DEFAD574A	F630CA01114A7BDD39607CB84B8280CCE218A5C6	A533740E17559E2ADF40B4555C60F21EEC84E92C09CDBC19EED033A0B4DD2474
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\cs\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	17E753EE877FDED25886D5F7925CA652	8E4EC969777CC0CEB7C12D0C1B9D87EBBB9C4678	C562FCCFCE374D446BFAC30AC9B18FF17E7A3EF101C919FF857104917F300382
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\da\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	F08A313C78454109B629B37521959B33	3D585D52EC8B4399F66D4BE88CED10F4A034FCCC	23BF7E5EDF70291CA6D8F4A64788C5B86379EECB628E3DFA7DD83344612F7564
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\de\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	980FB419ED6ED94AD75686AFFB4E4C2E	871BFBCA6BCBA9197811883A93C50C0716562D57	585C7814AFD2453232BC940252D4AE821D6E6CBCFD74A793F78E5DB8BA5342F1
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\el\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	40EB778339005A24FF9DA775D56E02B7	B00561CC7020F7FE717B5F692884253C689A7C61	F56BF7C171AA20038EE30B754478B69A98F3014C89362779B0A8788C7B9BEEE1
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\en\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8351AF4EA9BDD9C09019BC85D25B0016	F6EC1FFD291C8632758E01C9EE837B1AD18D4DCF	F41C82D8A4F0E9B645656D630C882BE94A0FB7F8CEC0FE864B57298F0312B212
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\es\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8A70C18BB1090AA4D500DE9E8E4A00EF	8AFC097FA956C1317DB0835348B2DA19F0789669	FF173D1CEF665B1234E02F11070ABD2B65230318150734579A03C7F31B4AE3F4
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\et\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	A62F12BCBA6D2C579212CA2FF90F8266	F7E964A2D9BBDA364252BCE5CFBA3FD34FDD825E	3EB3EB0B3B4A8E5A477D1B3C3A3891CCC7DC6B8879ECE243A7BD7C478068273D
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\fa\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	852BD3CFF960F1BC3A2AAB3CB3874EF9	C9F6F3C776542889FE3B67971D65ACFE048A3A0A	D87597B6C10364501B98AA42524843F109009CCEF022D8E0170440D7F144F4C6
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\fi\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	3902581B6170D0CEA9B1ECF6CC82D669	C8208AC2B1DD6D4F8BDAAE01C8BD71FFFA5A732B	D2A8180225A83A423BB6E17343DFA8F636D517154944002ED9240411B8C0C5E1
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\fil\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	59483AD798347B291363327D446FA107	C069F29BB68FA7BA2631B0BF5BBF313346AC6736	DD47530EAE96346CD4DC3267A0BB1091BB17B704803A93CDA2E3E81551B94F12
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\fr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	9B416146FE4F1403C2AACAC4DCF1A5C3	616F055C9FAD4CE972DF82EC8A9B2F4EDA3E7FAD	7C7F5758F54008190ACCDDBD1761CBD980FB5FE0847E992874498228D2571DBC
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\gu\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	68B03519786F71A426BAC24DECA2DD52	B8E6608932EC5CEC4BC3C5475BFC3E312D2E2E7D	C77A4D27E9E6CA25B9290056D93A656E3EBE975957E4C2EE9F0FB11B133D5CD4
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\hi\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	20C86E04B1833EA7F21C07361061420A	617C0D70E162CF380005E9780B61F650B7A39F9B	C2C27CA242DBDE600BA3AA7782156BC2B190A64D8A1B51EDC8007BDECA139553
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\hr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	3ED90E66789927D80B42346BB431431E	2B061E3271DF4255B1FFC47BDB207CDEC0D9724F	0B41E3C42414F72C9A12C05F8772597F9685115366A774C66018467AD4B71A74
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\hu\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8E9FF7E49473C5734A2F6F0812E12EB3	A4F10DDD1580582533D5EB59EDF6D8048F887C81	6CDD2FB39ADECE00E88B989E464B05ED1414092D0492F6D0AE58D549BFD1A46A
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\id\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	7ADF9F2048944821F93879336EB61A78	C3DA74FB544684D5B250767BB0CB66FFB7C58963	3630947E1075E3663AD3E4824D0BE42CB47C0D615D8053E83B9595047C8BA9BE
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\it\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	BB3041A2B485B900F623E57459AE698A	502F5EA89F9FB0287E864B240EA39889D72053A4	025737EF8FA06706B3F26D0F52B4844244A6D33DAE1D82FEF2931A14C003D57E
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\iw\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	A991BEF47A83913A1E0EF06007D09198	80BA1E8FC3E9BE8A34F73E78CED8313E54F9CC96	0F95D8BF550F14B2B704CE42911F5BD23FA9FE28D0D301F66628848B27C760CB
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\ja\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	6F2CC1A6B258DF45F519BA24149FABDC	8A58C7880C6D22765DCBB6BCE22A192C1B109AE1	42ECFEE727CFC4F2845FEFDACE5EDC2E0A40AFAD69973A3B950CE653A7633342
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\kn\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	2E3239FC277287810BC88D93A6691B09	FC5D585DA00ADC90BF79109C7377BD55E6653569	5FC705AD19761204D8604EA069936A23731B055D51E7836CAAF16AC7719FBEEA
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\ko\messages.json	UTF-8 Unicode text, with CRLF line terminators	E303CD63AD00EB3154431DED78E871C4	3B1E5B8E2CF5EBDF5D33656EF80A46563F751783	FDE602BFDB1AFD282682DA5338C4F91D8A2F6CB5411DB8F62F4583D629CE67A6
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\lt\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	93BBBE82F024FBCB7FB18E203F253429	83F4D80F64FA2ADCE6C515C5F663BD38A76C51DB	E7A8570922CCC4F2CA3721C4E61F426158C4E7BC90274FBC8BE4040FF8B6CA9B
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\lv\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	388590CE5E144AE5467FD6585073BD11	61228673A400A98D5834389C06127589F19D3A30	05CA14196CA5D90B228C0F03684E03EBE403A3E7B513AE0A059244AE12B51164
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\ml\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	2AF93901DE80CA49DA869188BCDA9495	E60DF4F2FB12BD3F1CA869DAD9F6BDE0C17CEB11	329E80AEE1212F634E180DEF7E16D6E38D9C9FDA9AC9DB1D99B8AE1626EF304E
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\mr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	659F5B4ACA112D3ECBB6EC1613DDE824	5DEE35FCD260554999F8DDEC489FBA9F81FA8EEE	C8B765E7A07578BC078A952E151E3B866506959E15E79E9E5E1DBB98F9C4008F
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\ms\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	09D75141E0D80FBD3E9E92CE843DA986	B24EAB4B1242C31B69514D77BC1DB36A3F648F40	8F1DBDEFD910AD88BEEC7956619CDB34391D6E69254C3A7497E8F87134AE8B5C
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\nb\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	ED99169537909291BCC1ED1EA7BB63F0	5F72D51B6DBE8C622EF33D2B2AEBD7E9E20DAFB3	65B6598225ADA1E14EE9CB76CA863708E8F9EE0724B4EDC8F9508532BD631BAB
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\nl\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	E9236F0B36764D22EEC86B717602241E	DE82B804B18933907095DEF3F2EF164C1BB5F9B6	300F4F7C45EBE39EAAF40776C28D0A399A710699AAB58E9A8D43A6FD2DD00376
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\pl\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8254020C39A5F6C1716639CC530BB0D6	A97A70427581ADA902CA73C898825F7B4B4FAC8F	2F4E4FC6AEB4A8E7F0E0DCE220D66E763F4EBF1FA79985834D636C6692FEA3E8
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\pt\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	FABD5D64267F0E6D7BE6983AB8704F8C	D4DAAD0FF5C461C51E6C1FD22B86AFC5B13E123F	D82DCA262FF005668B252B478DEDAAC4A5C1E417AF9DE57C22F169A6680183AE
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\ro\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	75E16A8FB75A9A168CFF86388F190C99	C27CE4C1DB3DF2D232925C73DC9AC1FA24DAD396	9C4716FF42A730F1E7725F0D9E703F311E79FDA31F85B4BB0B8863FC3C27AB9D
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\ru\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8EF94823972EA8D2FC9BB7EC09AB1846	4171DC9CE9D82FDA5A280517A1FE58C907D75CE3	1009DB9FFA64E411B31E0780EBA43B9C9F8B05B5AC8CCA9A38514650261ABB0A
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\sk\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	C314FAC15AFF6A2EE9C732C64AB5A66D	D51F3362B5FDD2F3756DE42D7D6227DC818C6344	8EE2A25A09D6D0F89063FAA34BA2BC4DB505DD31FE6D5064C5D6E1E153721484
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\sl\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	F60AB4E9A79FD6F32909AFAC226446B3	07C9E383D4488BEBE316CA86966FC728F55A2E32	CDE581E6E7CF0136B003B45549E3BBEE7B67B74ADD786A8D5607BFDAD1DE7B87
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\sr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	4E233461D805CA7E54B0B394FFF42CAB	77F30833FC73A4C02C652C9E5A6EAFE9C3988A30	E1E1C64213EBF2CFEB7BA83E51B697CEA449B3A8B279B1024B859228DE869879
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\sv\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	897DAE6B0CF0FDE42648F0B47CB26E06	E1F5F5F65AF34FF9484AB2B01E571EAF19BA23D0	52656C24F6F6D0F3B3FC01E9504C4D5CEB85624F1B22E974CA675DD0E94EB82D
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\sw\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	EC233129047C1202D87DC140F7BA266D	537E4C887428081365D028F32C53E3C92F29AAA6	28EDBC5C4858217811D45CAA215710E452C8926E4DE99F810001AD664D08BE0D
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\ta\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	C50C5D2EDFC79DBDCBD5A58A027A3231	14314D760A18C39F06CD072CF5843832AFB86689	EEB0E89D5AD92B80FF08F88533A111DB3416D7C3860C64227D1CC8B7C2B58298
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\te\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	F740F25488BE253FCF5355D5A7022CEE	203A8DF19BA5A602A43DE18E99A6615D950C450E	5B9C96CB5D62510836B321EB9CEEF23865BB9D4DC4DE7716E90A858E00701FDF
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\th\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	9F926FCB8BAEA23453B99EA162CCDEA1	04D1E45591C0435A39DCA00A81E83E68585E8B64	100463C587F549C964A4EB21EA38EA1B4ADEF11E927FAC8FF884623B77202C02
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\tr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	B0420F071E7C6C2DE11715A0BF026C63	F41CC696786B18805DB8DC9E1E476146C0D6BE90	309F946F753DF6AF5C255D772EA0D429462152F78ABA4A96A2E369707A2C6B67
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\uk\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	FF06E78C06E8DFF4A422EA24F0AB3760	A434D1CE22DE0D2FD1842E94F5815F7B1972D1EE	E209FDEF12CCEC03B4E0D5B9464F90D527E62C5BC4DD565C680661D7F282AB02
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\vi\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	C3A40E8433D96D7E766C011D9EC7502B	EAB7BFAE48B1D29B95A8AE040DE94D3500824EE3	BD3D0F8CF100C96415B224011F550082D4516593CBD3631347748B7D6AD5B85A
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\zh\messages.json	UTF-8 Unicode text, with CRLF line terminators	D4513639FFC58664556B4607BF8A3F19	65629BC4CBBACA498F4082DD5884C8D3D7DDDC8A	C6D49997A9B4FF7FE701EC3644B1A523679A27778FB4BD39B7DBCA9F1ACCE595
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_locales\zh_TW\messages.json	UTF-8 Unicode text, with CRLF line terminators	494CE2ACB21A426E051C146E600E7564	D045ECC2A69C963D5D34A148FE4A7939DE6A1322	A1053F9496ED7FA3C625C94347F07A5E760F514FD8EE142EC9EE64E86B9C063D
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	934A5882214683DEDF130E1C7E513AFD	4CB84A956148E8F3739681546850996741FDF421	D87B0B61750D36CEE2647B59213BAAC8B046C9A929C396CAF36F61AF95939F63
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\angular.js	ASCII text, with very long lines	FCE26058E60BD1CF870623C640481A4F	F95B53ABA83D9F2B1206D79020887D8EF019B737	A9B552276ED7342DC92C240F98C68433E7C711436E285A88E0DE9520F3640925
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\background_script.js	ASCII text, with very long lines	47D5838CF5DB13E4E7EF71EC5FC940A1	6AAE6A72DADCD30F0C8D3095E90468996B59ABB7	E0F0E47CDFE7C7D6E6BB63A789D7C20B05AB8B3F6ADFDF07D08793437F2CCD42
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\cast_sender.js	ASCII text, with very long lines	BBEA05A7844E45C1CF7B7479506DBB0F	4E421EE2CE22E9E10D7CD9BBC0F9FD38C71716FA	BB77A95786B01BD9D9A0F96B6AEA759E4B4C7CF9275E6B11C819D3BEA867CD8B
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\common.js	ASCII text, with very long lines	B6B210313827B63A322E102627320835	03D4A5DDF7E68F51B73E5C5C1D852D5F50611B8D	35AD6DB342342660ECE38A8967145228E1458ADDDE750ED4F1DDE6A17F351A15
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\feedback.css	ASCII text	D8EE20737329319BFA1ACBB0E6C219A6	D24118D81990E1316CA809669ECB603724C6E7E2	A582FC20DBCAD1918000B690EB8F237EC14E5B836FD7F799C35702D88DBE6862
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\feedback.html	HTML document, ASCII text	0EFADA4B2A95CC2D4AE00F794759D763	FEC3BB7837BE805955601F8C211DC5BE1F16535D	8CB99506A2ED9BCC6E1A66E0F218524C91304B3EBFCA113D0FECBB3D80078D0D
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\feedback_script.js	ASCII text, with very long lines	26F3B1FE17AD7EA58FEB76414A2A9F61	00460DF77358708E951BCD745B388B49D81B7D30	56686B8D4F0A467D52EA03F503B6F8387742E9F8F3A90AD75C11BC9E3FF243D7
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\manifest.json	ASCII text, with very long lines, with CRLF line terminators	F76238944C3D189174DD74989CF1C0C6	85CE141EC8867B699668A5F5A48F404C84FCEB04	2EF48A1CF322DE356E8844DD2FD3431E8E7ACD04770649B6507EACA5ABDB53A7
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\material_css_min.css	ASCII text, with very long lines	76EAA4368ED0E83F45B725727414D0E2	CB3ABE758DD77E0AC48F9C9D23DB386E9E52E42E	3F94B4F2DDAE805F4863FE751B138CB77B24893E3EDE6822E72F0EE4624CD155
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\mirroring_cast_streaming.js	ASCII text, with very long lines	3B822402369E38423E0196F38666E4FF	46003805834146270C8CDD8DD3DC586B96F07962	E8A4514D5075DBF8D262D601E0BE56D2B9372E70E5F5FB8C6132DEC4D19F9C81
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\mirroring_common.js	ASCII text, with very long lines	654360FF7FDFFE33D5A6ACFBF724A756	5A6A3F657FDC63FA603EE25F98FD6EB75BBBFCD7	27116F53D9BF90CA864D92E03CD6DBD3346952109EBF7E4CBF4DD54555D4E92F
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\mirroring_hangouts.js	ASCII text, with very long lines	6F0D3D6150756440E05FCAB694D5AEEF	E1F15F2E825E41185EAEC2A2EC58A5832E28D50D	4FB517A0225506801DD60245B833914A99C78C2E929821BDA9072134EEB3C6E0
C:\Users\user\AppData\Local\Temp\scoped_dir6528_1183728351\CRX_INSTALL\mirroring_webrtc.js	ASCII text, with very long lines	D8C34BAD4274AD0795779A88CC53F14E	2E9F20B48CACF79627B231A42561198F369D9D34	7CF60CF47D4A4D56541E039BF74C10FBE945A6430AD7663C9F7595BFDDC801C8
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with CRLF line terminators	6F8E288A9AD5B1ED8633B430E2B4D4CA	F671D3D4BEFA431D1946D706F4192D44E29B6F08	A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with CRLF line terminators	1FDAFC926391BD580B655FBAF46ED260	C95743C3F43B2B099FEBEBC5BD850F0C20E820AC	C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\cs\messages.json	UTF-8 Unicode text, with CRLF line terminators	76DEC64ED1556180B452A13C83171883	CFB1E56FD587BCDC459C1D9A683B71F9849058F9	32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\da\messages.json	UTF-8 Unicode text, with CRLF line terminators	238B97A36E411E42FF37CEFAF2927ED1	4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0	4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\de\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B3E916E8C1991AA0453CBA00FEDCAAA	D6366D15912E40CA107FD42BFE9579C3336A51F9	A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\el\messages.json	UTF-8 Unicode text, with CRLF line terminators	05C437A322C1148B5F78B2F341339147	AB53003A678E44A170E73711FBD9949833BBF3AA	A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\en\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\en_GB\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\es\messages.json	UTF-8 Unicode text, with CRLF line terminators	82719BD3999AD66193A9B0BB525F97CD	41194D511F1ACC16C1CA828AC81C18C8C6B47287	4DB9B2721E625C18B9E05C04B31AF5D9694712F1CAAF6219ABE34BB08E5DB1C7
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\es_419\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B2583D8D1C147E36A69A88009CBEBC7	4D4DEEB4BE6AA0181825F3371A761ABC5B4D5937	6659BC3705311D7641A73995DCFEA80C7734F2F4EBBC3787B3892A240348324F
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\et\messages.json	UTF-8 Unicode text, with CRLF line terminators	CFF6CB76EC724B17C1BC920726CB35A7	14ED068251D65A840F00C05409D705259D329FFC	C85800BF45942FCC7FD6B1DF929C25F9CC2A977A6678966BD03D4B6B69889AFD
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\fi\messages.json	UTF-8 Unicode text, with CRLF line terminators	3A01FEE829445C482D1721FF63153D16	F3EAAADDC03F943FC88B30B67F534AA13E3336DD	0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\fil\messages.json	ASCII text, with CRLF line terminators	57AF5B654270A945BDA8053A83353A06	EEEF7A4F869F97CF471A05D345E74F982D15E167	EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\fr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8D11C90F44A6585B57B933AB38D1FFF8	3F9D44EA8807069A32AACA2AAAD02FD892E6CC90	599491F8C52B945C16C441ADF45BFD45AFAE046DA07757D97C56AF4DE75ED3B5
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\hi\messages.json	UTF-8 Unicode text, with CRLF line terminators	E376D757C8FD66AC70A7D2D49760B94E	1525C5B1312D409604F097768503298EC440CC4D	8106D98C4F8DA16DB698444409558E29CC96735E188BFA303C333A5D99231C1D
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\hr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8185D0490C86363602A137F9A261CC50	5BD933B874441CEACB9201CCC941FF67BAED6DC0	A2B2EC359A9DD9DCCCE02859CE1E738BD30FAA4A05F1DC522893FFDF722BBC15
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\hu\messages.json	UTF-8 Unicode text, with CRLF line terminators	85609CF8623582A8376C206556ED2131	1E16EB70DB5E59BB684866FF3E3925C2DEF25A12	32A249749F12ADB6A220BF9ADC272C7E5D9AD5497A38B0086D961E3ABA17FBC6
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\id\messages.json	ASCII text, with CRLF line terminators	EAB2B946D1232AB98137E760954003AA	60BDC2937905B311D2C9844DF2D639D7AC9F7F67	C6E8800450602DE0F39FE9F6854472383813FB454B08ABAE7E25A9167CE004C3
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\it\messages.json	UTF-8 Unicode text, with CRLF line terminators	A328EEF5E841E0C72D3CD7366899C5C8	2851ED658385804E87911643F5A4200B1FB26E13	CD891C45F7586FB4A2514205A11F260E4A6D4482FA03D901909DD9F57BE0536D
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\ja\messages.json	UTF-8 Unicode text, with CRLF line terminators	9B3A5D473C3F2BBFAEECE94A07A940B8	61BACA342CF766BBA15C7B4D892A0E7DAC9405AA	706312A4A2AEF3317223F141EB2B82685345B7EED444F16BB4DF3A272716DA1F
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\ko\messages.json	UTF-8 Unicode text, with CRLF line terminators	9F6B4D82A70C74CA751E2EAE70FAB5CF	0534F125FFCE8222277CF2BE3401C59DAF9217F8	D1467B8D037114403E8F4EFC52E88C4A7FEB96126BE4CFF883FEFF1084EF7E68
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\lt\messages.json	UTF-8 Unicode text, with CRLF line terminators	4CA644F875606986A9898D04BDAE3EA5	722A10569E93975129D67FBDB75B537D9D622AD1	7C311AB751D840D750C11553C083785813E079C1D464FE568A98C9E3EF3DB96C
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\lv\messages.json	UTF-8 Unicode text, with CRLF line terminators	C5CE2C51391EAFD3DA9E4C71549A3C28	1F67FF6EF6E90C0CE3AAF56ED543A3EFD381574D	1FA1DF2CA8516DEF490FB8484E9AA498ACFF80EEF5C9258FFE42D3678E6C7DED
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\nb\messages.json	UTF-8 Unicode text, with CRLF line terminators	93C459A23BC6953FF744C35920CD2AF9	162F884972103A08ADB616A7EB3598431A2924C5	2CD700AEB57D89C2E73333D0702556EE3FF3863516170F85669BC680FCBDC4E0
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\nl\messages.json	ASCII text, with CRLF line terminators	7A8F9D0249C680F64DEC7650A432BD57	53477198AEE389F6580921B4876719B400A23CA1	92BE7C2DC9CFBE5A65E9CE6488D364C8D7EC19E7B67A31E4D43C1CB2B169671C
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\pl\messages.json	UTF-8 Unicode text, with CRLF line terminators	0E6194126AFCCD1E3098D276A7400175	E8127B905A640B1C46362FA6E1127BE172F4A40F	E2699F98C511B18A2AFB82EAE9A4804B646C4FF1077D80E77C17A3943A6373C2
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\pt_BR\messages.json	UTF-8 Unicode text, with CRLF line terminators	86A2B91FA18B867209024C522ED665D5	63DEC245637818C76655E01FCB6D59784BC7184E	6374880FDD1F8AF1EE8AEA6A06B73BE0AB265AFCEB4FE6F08BDE3B3989264B21
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\pt_PT\messages.json	UTF-8 Unicode text, with CRLF line terminators	750A4800EDB93FBE56495963F9FB3B94	8BFB915488A4EB3CB33D68E2E59F1F8447DB7D61	C1C94F65FABAF17DEF98A8587711A56D61B1E5607500E9B01F2824DB109F9E83
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\ro\messages.json	UTF-8 Unicode text, with CRLF line terminators	98D43E4B1054A65DF3FA3CC40AB6FB6D	46E0A21C4DA2BB5D4D8F837AE211C1B6FA26E7E2	113A13900CBA62FE8AED06751971C23A80A99B47F9BE219CF884D57DB19611D9
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\ru\messages.json	UTF-8 Unicode text, with CRLF line terminators	DB2EDF1465946C06BD95C71A1E13AE64	FB4F3ECE9ECECEBBC6CA2A592A15FB9C1FDFB811	FBAF22CE6E16DE174CED8CB5EA3098CCA1C3426A2111FF33BD3E64DA64ED67AB
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\sk\messages.json	UTF-8 Unicode text, with CRLF line terminators	8DF215D1EFBDABB175CCDD68ED8DCB0A	2B374462137A38589A73FDD00A84CBDC7E50F9F4	7FA16AF97E6CFC52EC6008EB679D3F30E7E0C24F9EF2D18A9228EAF4DED9D63B
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\sl\messages.json	UTF-8 Unicode text, with CRLF line terminators	3943FA2A647AECEDFD685408B27139EE	0129DD19D28373359530B3B477FE8A9279DABB7D	18AFF072EE0DF7C3495045435C752A805606E6D5D462EF2321C443F1773F4B3A
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\sr\messages.json	UTF-8 Unicode text, with CRLF line terminators	D485DF17F085B6A37125694F85646FD0	24D51D8642CDC6EFD5D8D7A4430232D8CDE25108	7FFDE34C58E7C376C042DE64DEF6481DAE32BE8B70F0B18EDF536290CBE0C818
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\sv\messages.json	UTF-8 Unicode text, with CRLF line terminators	D372B8204EB743E16F45C7CBD3CAAF37	C96C57219D292B01016B37DCF82E7C79AD0DD1E8	B8BA77E0089B0676545EC16D32468B727812B444F90B33A7A5B748E6C36C4388
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\th\messages.json	UTF-8 Unicode text, with CRLF line terminators	83E2D1E97791A4B2C5C69926EFB629C9	429600425CB0F196DDD717F940E94DBD8BFF2837	2FECA577F43D97BAEEA464741D585892103585208FD0A935B810A03BDCE83C88
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\tr\messages.json	UTF-8 Unicode text, with CRLF line terminators	2CEAE0567B6BB1D240BBAD690A98CA3B	5944346FBD4A0797B13223895995CAB58E9ECD23	A7CB86F30C9C31FE5540282C308BA96ADB4EC16EF98C87129EB88105E5BEF5FC
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\uk\messages.json	UTF-8 Unicode text, with CRLF line terminators	AB0B56120E6B38C42CC3612BE948EF50	8B3F520E5713D9F116D68E71DAEED1F6E8D74629	68ABA284751EB9C856032062EF9B1651E2A1E5CE5FDA0977FFC97D63BA7BED9E
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\vi\messages.json	UTF-8 Unicode text, with CRLF line terminators	7EBB677FEAD8557D3676505225A7249A	F161B4B6001AEAEAB246FF8987F4D992B48D47BE	051F96ED874C11C4A13589B5F68964E4F5B03B52DDA223D56524F2CA23760C04
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\zh_CN\messages.json	UTF-8 Unicode text, with CRLF line terminators	BB73BF561BB79F89D9BF7C67C5AE5C65	2FADD3A1959B29C44830033A35C637D0311A8C9C	D804F2A040D21D7511EFD5213D8E1721D64964A1A0DBB48E21622CEEDC9D967E
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_locales\zh_TW\messages.json	UTF-8 Unicode text, with CRLF line terminators	5FF50C673CC0C661D615F0CFD0E6DCA0	60DFF98DEAB9C4746B288BDD9C94B3BCAE5EAA85	C6F8C640F3353A7B9B1432A0C139C1AEEC40133800E6C9B467B63991AD660308
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	0834821960CB5C6E9D477AEF649CB2E4	7D25F027D7CEE9E94E9CBDEE1F9220C8D20A1588	52A24FA2FB3BCB18D9D8571AE385C4A830FF98CE4C18384D40A84EA7F6BA7F69
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\craw_background.js	ASCII text, with very long lines	6EEBED29E6A6301E92A9B8B347807F5F	65DFB69B650560551110B33DCBA50B25E5B876DE	04CD9494B0ED83924DAD12202630B20D053D9E2819C8E826A386C814CC0A1697
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\craw_window.js	ASCII text, with very long lines	1709B6F00A136241185161AA3DF46A06	33DA7D262FFED1A5C2D85B7390E9DBC830CBE494	5721A4B3F8E09C869A629EFFD350B51C9D46F0AC136717D4DB6265C0EE6F9AC8
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\css\craw_window.css	ASCII text	67BF9AABE17541852F9DDFF8245096CD	A4AC74DD258E8E0689034FAA1B15A5C7C56DC3BB	10DFBD2D98950B79EE12F6B8E3885AABE31543048DE56AD4FC0A5E34D0D9D4EC
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\html\craw_window.html	HTML document, ASCII text	34A839BC40DEBC746BBD181D9EF9310C	8B4EAA74D31EED5B0BABA3CA5460201F6B10DA46	BB8742615E4CD996AE5D0200E443AE6A6F0B473255F03AFFDB8FB4660DE4554D
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\images\flapper.gif	GIF image data, version 89a, 30 x 30	398ABB308EEBC355DA70BCE907B22E29	CFFB77B8A1724B8F81D98C6D6AD0071D10162252	2B73533F47A99FFEA9CC405FFAFA9C4C53623F62487AEBFBA415945120B22040
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\images\icon_128.png	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	4DBC9F9E6F5A08D299BAC9E54DF07694	BB38F5DE34B1E0BE1109220BA55271087A4D9EA5	91C2718DD23B4356D71F88F6146868369033291086DF327534546DFA459BEB0E
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\images\icon_16.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	FB9C46EA81AD3E456D90D58697C12C06	5FC450F7D73CCFAC8F0D818CB3392BA4D91B69DE	016CA659BA080E194FBFC0929602B16506ED60AA6019FAA51410C4FD93B583E8
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\images\topbar_floating_button.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	8803665A6328D23CC1014A7B0E9BE295	9DA6EE729D5A6E9F30658B8EC954710F107A641F	D5F9234DC36E7FFA85F35B2359A4F82276F8395EFA76E4553507EA990B27FC6C
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\images\topbar_floating_button_close.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	0599DFD9107C7647F27E69331B0A7D75	3198C0A5F34DB67F91A0035DBC297354CBC95525	131817CD9311C03DF22D769DD2AD7FA2E6E9558863A89F7E5E1657424031A937
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\images\topbar_floating_button_hover.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	7CB6B9DC1A30F63B8BD976924B75AD96	0C40B0C496D2F2B5F2021C117EC8610AC03AB469	721B7AAA9A42A54A349881615A12E3A26983ACA48E173FD2F66E66AA0D725735
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\images\topbar_floating_button_maximize.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	232CE72808B60CBE0F4FA788A76523DF	721A9C98C835D2CD734153BBE07833C6637ECD68	AFA4EA944CBDEC8543242E627EF46D5BFD3766DCAC664E7E50CDEEF2B352740C
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\images\topbar_floating_button_pressed.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	E0862317407F2D54C85E12945799413B	FA557F8F761A04C41C9A4BA81994E43C6C275DBB	5C10CE0589EB115600F77381130B70AE0B7B3752614D86D4C89E857658AA222B
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\CRX_INSTALL\manifest.json	ASCII text, with CRLF line terminators	01334FB9D092AF2AA46C4185E405C627	47AD3C0E82362FFE5B881DF8D71D6F79AB7F5796	F52714812D68C577A445169D11E84DF6751C2D6886BC429643072BB5D61C6C27
C:\Users\user\AppData\Local\Temp\scoped_dir6528_852348550\b448837d-4a72-41aa-b408-98d7de8e589a.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82

ID:	553179
Product:	CloudBasic
Start time:	12:50:37
Start date:	14.01.2022
Sample:	New PO 78564.pdf
Cookbook:	defaultwindowspdfcookbook.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS
MD5:	aaa5d93c47d50bcedaad9be5d7be8372
SHA1:	eb1d1dc348e5f2c6a3fb3790fbc405442190ca73
SHA256:	55c3bed4ebc39a8f3e5abbc3a3be17878d0eed6f80bfa35798b6415481f67422
Filetype:	Adobe Portable Document Format (5005/1) 100.00%

Windows Analysis Report New PO 78564.pdf

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing:

Software Vulnerabilities:

Networking:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

HIPS / PFW / Operating System Protection Evasion:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs