Windows Analysis Report https://docsend.com/view/wehe9k44ttwcf37k

Overview

General Information

Sample URL:	https://docsend.com/view/wehe9k44ttwcf37k
Analysis ID:	553197
Infos:
Most interesting Screenshot:

Detection

HTMLPhisher

Score:	60
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Phishing site detected (based on shot template match)

Yara detected HtmlPhish7

Phishing site detected (based on image similarity)

None HTTPS page querying sensitive user data (password, username or email)

No HTML title found

Classification

Signatures

Phishing:

Phishing site detected (based on shot template match)

Source: file:///C:/Users/user/Downloads/INV%20copy%20%23HC9034010%20Doc%2301921.html

Matcher: Template: office matched

Yara detected HtmlPhish7

Source: Yara match

File source: 78387.0.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: file:///C:/Users/user/Downloads/INV%20copy%20%23HC9034010%20Doc%2301921.html

Matcher: Found strong image similarity, brand: Microsoft image: 78387.0.img.2.gfk.csv C3FC46C5799C76F9107504028F39190F

None HTTPS page querying sensitive user data (password, username or email)

Source: file:///C:/Users/user/Downloads/INV%20copy%20%23HC9034010%20Doc%2301921.html	HTTP Parser: Has password / email / username input fields
Source: file:///C:/Users/user/Downloads/INV%20copy%20%23HC9034010%20Doc%2301921.html	HTTP Parser: Has password / email / username input fields

No HTML title found

Source: file:///C:/Users/user/Downloads/INV%20copy%20%23HC9034010%20Doc%2301921.html	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Downloads/INV%20copy%20%23HC9034010%20Doc%2301921.html	HTTP Parser: HTML title missing

Source: file:///C:/Users/user/Downloads/INV%20copy%20%23HC9034010%20Doc%2301921.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Downloads/INV%20copy%20%23HC9034010%20Doc%2301921.html	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Downloads/INV%20copy%20%23HC9034010%20Doc%2301921.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Downloads/INV%20copy%20%23HC9034010%20Doc%2301921.html	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\5788_34262223\LICENSE.txt

Jump to behavior

Source: unknown	HTTPS traffic detected: 104.19.142.111:443 -> 192.168.2.4:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.19.142.111:443 -> 192.168.2.4:49799 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /view/wehe9k44ttwcf37k HTTP/1.1Host: docsend.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: nullUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /bootstrap/4.0.0/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: nullUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ajax/libs/popper.js/1.12.9/umd/popper.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveOrigin: nullUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ac7524407d19ac9e670a3e3b7bd7ebc3.jpg HTTP/1.1Host: i.gyazo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /bbbae26246e9c09acb8668c7485acbf2.png HTTP/1.1Host: i.gyazo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /6eae75d87eebc05d2e882397e5ef8480.png HTTP/1.1Host: i.gyazo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /6a6271e3e40ab27f2c950c82f50136df.png HTTP/1.1Host: i.gyazo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /fd7eaf0bd6c8d714e717bc1285c33e61.png HTTP/1.1Host: i.gyazo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /ac7524407d19ac9e670a3e3b7bd7ebc3.jpg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: i.gyazo.com
Source: global traffic	HTTP traffic detected: GET /ac7524407d19ac9e670a3e3b7bd7ebc3.jpg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: i.gyazo.com
Source: global traffic	HTTP traffic detected: GET /bbbae26246e9c09acb8668c7485acbf2.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: i.gyazo.com
Source: global traffic	HTTP traffic detected: GET /6eae75d87eebc05d2e882397e5ef8480.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: i.gyazo.com
Source: global traffic	HTTP traffic detected: GET /6a6271e3e40ab27f2c950c82f50136df.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: i.gyazo.com
Source: global traffic	HTTP traffic detected: GET /fd7eaf0bd6c8d714e717bc1285c33e61.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: i.gyazo.com
Source: global traffic	HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8

Source: data_3.1.dr	String found in binary or memory: Content-Security-Policy: default-src 'self'; base-uri 'self'; child-src 'self' blob:; connect-src 'self' blob: https://d2qvtfnm75xrxf.cloudfront.net https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://.intercomcdn.com https://uploads.intercomusercontent.com https://sessions.bugsnag.com https://notify.bugsnag.com https://.kissmetrics.com https://.kissmetrics.io https://api.segment.io https://cdn.segment.com https://.id.opendns.com https://www.google-analytics.com https://.g.doubleclick.net https://www.facebook.com https://api.autopilothq.com https://.filestackapi.com https://cdn.filestackcontent.com https://s3.amazonaws.com https://.nr-data.net https://browser.pipe.aria.microsoft.com https://checkout.stripe.com https://risk.clearbit.com https://forms.hubspot.com https://.pubnub.com; font-src 'self' https: data: chrome-extension:; form-action 'self' https://docsend.com https://.docsend.com https://intercom.help https://api-iam.intercom.io https://accounts.google.com https://www.linkedin.com https://.salesforce.com https://www.dropbox.com https://accounts.logme.in https://secure.join.me https://.okta.com https://.oktapreview.com https://.jumpcloud.com https://.onelogin.com https://zapier.com https://ifttt.com https://www.facebook.com; frame-src 'self' https://d2qvtfnm75xrxf.cloudfront.net https://js.stripe.com https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com https://.g.doubleclick.net https://tpc.googlesyndication.com https://www.facebook.com https://telemetryservice.firstpartyapps.oaspapps.com https://ifttt.com; img-src 'self' https: data: blob: chrome-extension:; media-src 'self' data: https://d2qvtfnm75xrxf.cloudfront.net https://js.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' https://d2qvtfnm75xrxf.cloudfront.net https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://.google-analytics.com https://cdn.segment.com https://scripts.kissmetrics.com https://.id.opendns.com https://js-agent.newrelic.com https://.nr-data.net https://www.youtube.com https://.ytimg.com https://vimeo.com https://www.vimeo.com https://www.googletagmanager.com https://www.googleadservices.com https://tagmanager.google.com https://connect.facebook.net https://.quora.com https://.bing.com https://api.autopilothq.com https://.capterra.com https://*.g.doubleclick.net https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hsleadflows.net https://js.stripe.com https://checkout.stripe.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://maps.googleapis.com https://static.filestackapi.com https://risk.clearbit.com https:/
Source: data_3.1.dr	String found in binary or memory: Content-Security-Policy: default-src 'self'; base-uri 'self'; child-src 'self' blob:; connect-src 'self' blob: https://d2qvtfnm75xrxf.cloudfront.net https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://.intercomcdn.com https://uploads.intercomusercontent.com https://sessions.bugsnag.com https://notify.bugsnag.com https://.kissmetrics.com https://.kissmetrics.io https://api.segment.io https://cdn.segment.com https://.id.opendns.com https://www.google-analytics.com https://.g.doubleclick.net https://www.facebook.com https://api.autopilothq.com https://.filestackapi.com https://cdn.filestackcontent.com https://s3.amazonaws.com https://.nr-data.net https://browser.pipe.aria.microsoft.com https://checkout.stripe.com https://risk.clearbit.com https://forms.hubspot.com https://.pubnub.com; font-src 'self' https: data: chrome-extension:; form-action 'self' https://docsend.com https://.docsend.com https://intercom.help https://api-iam.intercom.io https://accounts.google.com https://www.linkedin.com https://.salesforce.com https://www.dropbox.com https://accounts.logme.in https://secure.join.me https://.okta.com https://.oktapreview.com https://.jumpcloud.com https://.onelogin.com https://zapier.com https://ifttt.com https://www.facebook.com; frame-src 'self' https://d2qvtfnm75xrxf.cloudfront.net https://js.stripe.com https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com https://.g.doubleclick.net https://tpc.googlesyndication.com https://www.facebook.com https://telemetryservice.firstpartyapps.oaspapps.com https://ifttt.com; img-src 'self' https: data: blob: chrome-extension:; media-src 'self' data: https://d2qvtfnm75xrxf.cloudfront.net https://js.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' https://d2qvtfnm75xrxf.cloudfront.net https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://.google-analytics.com https://cdn.segment.com https://scripts.kissmetrics.com https://.id.opendns.com https://js-agent.newrelic.com https://.nr-data.net https://www.youtube.com https://.ytimg.com https://vimeo.com https://www.vimeo.com https://www.googletagmanager.com https://www.googleadservices.com https://tagmanager.google.com https://connect.facebook.net https://.quora.com https://.bing.com https://api.autopilothq.com https://.capterra.com https://*.g.doubleclick.net https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hsleadflows.net https://js.stripe.com https://checkout.stripe.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://maps.googleapis.com https://static.filestackapi.com https://risk.clearbit.com https:/
Source: data_3.1.dr	String found in binary or memory: Content-Security-Policy: default-src 'self'; base-uri 'self'; child-src 'self' blob:; connect-src 'self' blob: https://d2qvtfnm75xrxf.cloudfront.net https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://.intercomcdn.com https://uploads.intercomusercontent.com https://sessions.bugsnag.com https://notify.bugsnag.com https://.kissmetrics.com https://.kissmetrics.io https://api.segment.io https://cdn.segment.com https://.id.opendns.com https://www.google-analytics.com https://.g.doubleclick.net https://www.facebook.com https://api.autopilothq.com https://.filestackapi.com https://cdn.filestackcontent.com https://s3.amazonaws.com https://.nr-data.net https://browser.pipe.aria.microsoft.com https://checkout.stripe.com https://risk.clearbit.com https://forms.hubspot.com https://.pubnub.com; font-src 'self' https: data: chrome-extension:; form-action 'self' https://docsend.com https://.docsend.com https://intercom.help https://api-iam.intercom.io https://accounts.google.com https://www.linkedin.com https://.salesforce.com https://www.dropbox.com https://accounts.logme.in https://secure.join.me https://.okta.com https://.oktapreview.com https://.jumpcloud.com https://.onelogin.com https://zapier.com https://ifttt.com https://www.facebook.com; frame-src 'self' https://d2qvtfnm75xrxf.cloudfront.net https://js.stripe.com https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com https://.g.doubleclick.net https://tpc.googlesyndication.com https://www.facebook.com https://telemetryservice.firstpartyapps.oaspapps.com https://ifttt.com; img-src 'self' https: data: blob: chrome-extension:; media-src 'self' data: https://d2qvtfnm75xrxf.cloudfront.net https://js.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' https://d2qvtfnm75xrxf.cloudfront.net https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://.google-analytics.com https://cdn.segment.com https://scripts.kissmetrics.com https://.id.opendns.com https://js-agent.newrelic.com https://.nr-data.net https://www.youtube.com https://.ytimg.com https://vimeo.com https://www.vimeo.com https://www.googletagmanager.com https://www.googleadservices.com https://tagmanager.google.com https://connect.facebook.net https://.quora.com https://.bing.com https://api.autopilothq.com https://.capterra.com https://*.g.doubleclick.net https://js.hs-analytics.net https://js.hs-scripts.com https://js.hscollectedforms.net https://js.hsleadflows.net https://js.stripe.com https://checkout.stripe.com https://ajax.aspnetcdn.com https://appsforoffice.microsoft.com https://maps.googleapis.com https://static.filestackapi.com https://risk.clearbit.com https:/
Source: data_3.1.dr	String found in binary or memory: HTTP/1.1 302 FoundServer: nginxDate: Fri, 14 Jan 2022 12:22:18 GMTContent-Type: text/html; charset=utf-8X-Frame-Options: DENYLocation: https://nvish-my.sharepoint.com/:u:/p/preetika_sandhu/EYjLeUUJ8_lPnDPSOA8hPtYBoRDRfbQyKfagAoYl7N4vUA?download=1Cache-Control: no-cacheContent-Security-Policy: default-src 'self'; base-uri 'self'; child-src 'self' blob:; connect-src 'self' blob: https://d2qvtfnm75xrxf.cloudfront.net https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://.intercomcdn.com https://uploads.intercomusercontent.com https://sessions.bugsnag.com https://notify.bugsnag.com https://.kissmetrics.com https://.kissmetrics.io https://api.segment.io https://cdn.segment.com https://.id.opendns.com https://www.google-analytics.com https://.g.doubleclick.net https://www.facebook.com https://api.autopilothq.com https://.filestackapi.com https://cdn.filestackcontent.com https://s3.amazonaws.com https://.nr-data.net https://browser.pipe.aria.microsoft.com https://checkout.stripe.com https://risk.clearbit.com https://forms.hubspot.com https://.pubnub.com; font-src 'self' https: data: chrome-extension:; form-action 'self' https://docsend.com https://.docsend.com https://intercom.help https://api-iam.intercom.io https://accounts.google.com https://www.linkedin.com https://.salesforce.com https://www.dropbox.com https://accounts.logme.in https://secure.join.me https://.okta.com https://.oktapreview.com https://.jumpcloud.com https://.onelogin.com https://zapier.com https://ifttt.com https://www.facebook.com; frame-src 'self' https://d2qvtfnm75xrxf.cloudfront.net https://js.stripe.com https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com https://.g.doubleclick.net https://tpc.googlesyndication.com https://www.facebook.com https://telemetryservice.firstpartyapps.oaspapps.com https://ifttt.com; img-src 'self' https: data: blob: chrome-extension:; media-src 'self' data: https://d2qvtfnm75xrxf.cloudfront.net https://js.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' https://d2qvtfnm75xrxf.cloudfront.net https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://.google-analytics.com https://cdn.segment.com https://scripts.kissmetrics.com https://.id.opendns.com https://js-agent.newrelic.com https://.nr-data.net https://www.youtube.com https://.ytimg.com https://vimeo.com https://www.vimeo.com https://www.googletagmanager.com https://www.googleadservices.com https://tagmanager.google.com https://connect.facebook.net https://.quora.com https://.bing.com https://api.autopilothq.com https://.capterra.com https://*.g.doubleclick.net https://js.hs-analytics.net https://js.hs-scripts.
Source: data_3.1.dr	String found in binary or memory: HTTP/1.1 302 FoundServer: nginxDate: Fri, 14 Jan 2022 12:22:18 GMTContent-Type: text/html; charset=utf-8X-Frame-Options: DENYLocation: https://nvish-my.sharepoint.com/:u:/p/preetika_sandhu/EYjLeUUJ8_lPnDPSOA8hPtYBoRDRfbQyKfagAoYl7N4vUA?download=1Cache-Control: no-cacheContent-Security-Policy: default-src 'self'; base-uri 'self'; child-src 'self' blob:; connect-src 'self' blob: https://d2qvtfnm75xrxf.cloudfront.net https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://.intercomcdn.com https://uploads.intercomusercontent.com https://sessions.bugsnag.com https://notify.bugsnag.com https://.kissmetrics.com https://.kissmetrics.io https://api.segment.io https://cdn.segment.com https://.id.opendns.com https://www.google-analytics.com https://.g.doubleclick.net https://www.facebook.com https://api.autopilothq.com https://.filestackapi.com https://cdn.filestackcontent.com https://s3.amazonaws.com https://.nr-data.net https://browser.pipe.aria.microsoft.com https://checkout.stripe.com https://risk.clearbit.com https://forms.hubspot.com https://.pubnub.com; font-src 'self' https: data: chrome-extension:; form-action 'self' https://docsend.com https://.docsend.com https://intercom.help https://api-iam.intercom.io https://accounts.google.com https://www.linkedin.com https://.salesforce.com https://www.dropbox.com https://accounts.logme.in https://secure.join.me https://.okta.com https://.oktapreview.com https://.jumpcloud.com https://.onelogin.com https://zapier.com https://ifttt.com https://www.facebook.com; frame-src 'self' https://d2qvtfnm75xrxf.cloudfront.net https://js.stripe.com https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com https://.g.doubleclick.net https://tpc.googlesyndication.com https://www.facebook.com https://telemetryservice.firstpartyapps.oaspapps.com https://ifttt.com; img-src 'self' https: data: blob: chrome-extension:; media-src 'self' data: https://d2qvtfnm75xrxf.cloudfront.net https://js.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' https://d2qvtfnm75xrxf.cloudfront.net https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://.google-analytics.com https://cdn.segment.com https://scripts.kissmetrics.com https://.id.opendns.com https://js-agent.newrelic.com https://.nr-data.net https://www.youtube.com https://.ytimg.com https://vimeo.com https://www.vimeo.com https://www.googletagmanager.com https://www.googleadservices.com https://tagmanager.google.com https://connect.facebook.net https://.quora.com https://.bing.com https://api.autopilothq.com https://.capterra.com https://*.g.doubleclick.net https://js.hs-analytics.net https://js.hs-scripts.
Source: data_3.1.dr	String found in binary or memory: HTTP/1.1 302 FoundServer: nginxDate: Fri, 14 Jan 2022 12:22:18 GMTContent-Type: text/html; charset=utf-8X-Frame-Options: DENYLocation: https://nvish-my.sharepoint.com/:u:/p/preetika_sandhu/EYjLeUUJ8_lPnDPSOA8hPtYBoRDRfbQyKfagAoYl7N4vUA?download=1Cache-Control: no-cacheContent-Security-Policy: default-src 'self'; base-uri 'self'; child-src 'self' blob:; connect-src 'self' blob: https://d2qvtfnm75xrxf.cloudfront.net https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io https://nexus-long-poller-a.intercom.io https://nexus-long-poller-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://.intercomcdn.com https://uploads.intercomusercontent.com https://sessions.bugsnag.com https://notify.bugsnag.com https://.kissmetrics.com https://.kissmetrics.io https://api.segment.io https://cdn.segment.com https://.id.opendns.com https://www.google-analytics.com https://.g.doubleclick.net https://www.facebook.com https://api.autopilothq.com https://.filestackapi.com https://cdn.filestackcontent.com https://s3.amazonaws.com https://.nr-data.net https://browser.pipe.aria.microsoft.com https://checkout.stripe.com https://risk.clearbit.com https://forms.hubspot.com https://.pubnub.com; font-src 'self' https: data: chrome-extension:; form-action 'self' https://docsend.com https://.docsend.com https://intercom.help https://api-iam.intercom.io https://accounts.google.com https://www.linkedin.com https://.salesforce.com https://www.dropbox.com https://accounts.logme.in https://secure.join.me https://.okta.com https://.oktapreview.com https://.jumpcloud.com https://.onelogin.com https://zapier.com https://ifttt.com https://www.facebook.com; frame-src 'self' https://d2qvtfnm75xrxf.cloudfront.net https://js.stripe.com https://checkout.stripe.com https://www.youtube.com https://player.vimeo.com https://.g.doubleclick.net https://tpc.googlesyndication.com https://www.facebook.com https://telemetryservice.firstpartyapps.oaspapps.com https://ifttt.com; img-src 'self' https: data: blob: chrome-extension:; media-src 'self' data: https://d2qvtfnm75xrxf.cloudfront.net https://js.intercomcdn.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' 'strict-dynamic' https://d2qvtfnm75xrxf.cloudfront.net https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://.google-analytics.com https://cdn.segment.com https://scripts.kissmetrics.com https://.id.opendns.com https://js-agent.newrelic.com https://.nr-data.net https://www.youtube.com https://.ytimg.com https://vimeo.com https://www.vimeo.com https://www.googletagmanager.com https://www.googleadservices.com https://tagmanager.google.com https://connect.facebook.net https://.quora.com https://.bing.com https://api.autopilothq.com https://.capterra.com https://*.g.doubleclick.net https://js.hs-analytics.net https://js.hs-scripts.
Source: Ruleset Data.0.dr	String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr, Ruleset Data.0.dr	String found in binary or memory: www.facebook.com/ajax/ads/ equals www.facebook.com (Facebook)
Source: Filtering Rules.0.dr	String found in binary or memory: www.facebook.com0 equals www.facebook.com (Facebook)

Source: angular.js.0.dr	String found in binary or memory: http://angularjs.org
Source: angular.js.0.dr	String found in binary or memory: http://errors.angularjs.org/1.6.4-local
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: http://tools.ietf.org/html/rfc1950
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: http://www.ietf.org/id/draft-holmer-rmcat-transport-wide-cc-extensions-01
Source: Reporting and NEL.1.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=CEIr4UHtOeQmckO0jK9PJ7dTvg9tmO49mG8jqWFDYIiau38cFR%2FBbOb2w
Source: Reporting and NEL.1.dr	String found in binary or memory: https://a.nel.cloudflare.com/report/v3?s=eP%2FfbPaEPDTz7Yu9LGh2kyM7x2Cc2lHqsIG8uQBocLr0RnXSbeSu%2FU1
Source: 5e994ff3-2af2-43d2-8fa0-2129a01fee56.tmp.1.dr, manifest.json0.0.dr, 362c0ad8-0d96-4c07-90e7-09d5e3e9c8a8.tmp.1.dr	String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr	String found in binary or memory: https://accounts.google.com/MergeSession
Source: 362c0ad8-0d96-4c07-90e7-09d5e3e9c8a8.tmp.1.dr	String found in binary or memory: https://ajax.googleapis.com
Source: data_1.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: data_3.1.dr	String found in binary or memory: https://api-iam.intercom.io
Source: data_3.1.dr	String found in binary or memory: https://api-ping.intercom.io
Source: data_3.1.dr	String found in binary or memory: https://api.intercom.io
Source: data_3.1.dr	String found in binary or memory: https://api.segment.io
Source: 5e994ff3-2af2-43d2-8fa0-2129a01fee56.tmp.1.dr, manifest.json0.0.dr, 362c0ad8-0d96-4c07-90e7-09d5e3e9c8a8.tmp.1.dr	String found in binary or memory: https://apis.google.com
Source: mirroring_common.js.0.dr	String found in binary or memory: https://apis.google.com/js/client.js
Source: mirroring_common.js.0.dr	String found in binary or memory: https://castedumessaging-pa.googleapis.com/v1
Source: data_3.1.dr	String found in binary or memory: https://cdn.segment.com
Source: data_1.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js
Source: data_1.1.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.jsy
Source: 5e994ff3-2af2-43d2-8fa0-2129a01fee56.tmp.1.dr, 362c0ad8-0d96-4c07-90e7-09d5e3e9c8a8.tmp.1.dr	String found in binary or memory: https://clients2.google.com
Source: mirroring_hangouts.js.0.dr, mirroring_cast_streaming.js.0.dr	String found in binary or memory: https://clients2.google.com/cr/report
Source: manifest.json1.0.dr, manifest.json0.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 5e994ff3-2af2-43d2-8fa0-2129a01fee56.tmp.1.dr, 362c0ad8-0d96-4c07-90e7-09d5e3e9c8a8.tmp.1.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://clients6.google.com
Source: data_1.1.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: data_1.1.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js&
Source: data_1.1.dr	String found in binary or memory: https://code.jquery.com/jquery-3.2.1.slim.min.js
Source: manifest.json0.0.dr	String found in binary or memory: https://content.googleapis.com
Source: mirroring_cast_streaming.js.0.dr, common.js.0.dr	String found in binary or memory: https://crash.corp.google.com/samples?reportid=&q=
Source: LICENSE.txt.0.dr	String found in binary or memory: https://creativecommons.org/.
Source: LICENSE.txt.0.dr	String found in binary or memory: https://creativecommons.org/compatiblelicenses
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://creativecommons.org/publicdomain/zero/1.0/.
Source: data_3.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushers
Source: data_3.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/hosted-libraries-pushersCross-Origin-Opener-Policy:
Source: Reporting and NEL.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/IdentityListAccountsHttp/external
Source: data_3.1.dr	String found in binary or memory: https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers
Source: data_3.1.dr	String found in binary or memory: https://d2qvtfnm75xrxf.cloudfront.net
Source: 5e994ff3-2af2-43d2-8fa0-2129a01fee56.tmp.1.dr, ba646a7b-97e8-421e-8e10-deb7581900b7.tmp.1.dr, 362c0ad8-0d96-4c07-90e7-09d5e3e9c8a8.tmp.1.dr, 79e87fe8-a749-4581-8461-740feecda53f.tmp.1.dr	String found in binary or memory: https://dns.google
Source: mirroring_common.js.0.dr	String found in binary or memory: https://docs.google.com
Source: History.0.dr	String found in binary or memory: https://docsend.com/view/wehe9k44ttwcf37k
Source: LICENSE.txt.0.dr	String found in binary or memory: https://easylist.to/)
Source: manifest.json0.0.dr	String found in binary or memory: https://feedback.googleusercontent.com
Source: 5e994ff3-2af2-43d2-8fa0-2129a01fee56.tmp.1.dr, 362c0ad8-0d96-4c07-90e7-09d5e3e9c8a8.tmp.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: data_1.1.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Yellowtail&display=swap
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.googleapis.com;
Source: data_3.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: data_1.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/yellowtail/v11/OZpGg_pnoDtINPfRIlLohlvHwQ.woff2)
Source: manifest.json0.0.dr	String found in binary or memory: https://fonts.gstatic.com;
Source: material_css_min.css.0.dr, angular.js.0.dr	String found in binary or memory: https://github.com/angular/material
Source: LICENSE.txt.0.dr	String found in binary or memory: https://github.com/easylist)
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://github.com/madler/zlib/blob/master/zlib.h
Source: data_2.1.dr	String found in binary or memory: https://gyazo.com
Source: data_2.1.dr	String found in binary or memory: https://gyazo.comAge:
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://hangouts.clients6.google.com
Source: manifest.json0.0.dr	String found in binary or memory: https://hangouts.google.com/
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://hangouts.google.com/hangouts/_/logpref
Source: data_1.1.dr	String found in binary or memory: https://i.gyazo.com/6a6271e3e40ab27f2c950c82f50136df.png
Source: data_1.1.dr	String found in binary or memory: https://i.gyazo.com/6a6271e3e40ab27f2c950c82f50136df.pngb
Source: data_1.1.dr	String found in binary or memory: https://i.gyazo.com/6eae75d87eebc05d2e882397e5ef8480.png
Source: data_1.1.dr, Favicons.0.dr	String found in binary or memory: https://i.gyazo.com/ac7524407d19ac9e670a3e3b7bd7ebc3.jpg
Source: data_1.1.dr	String found in binary or memory: https://i.gyazo.com/bbbae26246e9c09acb8668c7485acbf2.png
Source: data_1.1.dr	String found in binary or memory: https://i.gyazo.com/fd7eaf0bd6c8d714e717bc1285c33e61.png
Source: data_3.1.dr	String found in binary or memory: https://ka-f.fontawesome.com
Source: data_1.1.dr	String found in binary or memory: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251
Source: data_1.1.dr	String found in binary or memory: https://ka-f.fontawesome.com/releases/v5.15.4/css/free-v4-shims.min.css?token=585b051251kf
Source: data_1.1.dr	String found in binary or memory: https://ka-f.fontawesome.com/releases/v5.15.4/css/free.min.css?token=585b051251
Source: data_3.1.dr	String found in binary or memory: https://kit.fontawesome.com
Source: data_1.1.dr	String found in binary or memory: https://kit.fontawesome.com/585b051251.js
Source: data_1.1.dr	String found in binary or memory: https://kit.fontawesome.com/585b051251.js/
Source: data_1.1.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css
Source: data_1.1.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js
Source: mirroring_common.js.0.dr	String found in binary or memory: https://meet.google.com
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://meetings.clients6.google.com
Source: mirroring_common.js.0.dr	String found in binary or memory: https://networktraversal.googleapis.com/v1alpha
Source: data_3.1.dr	String found in binary or memory: https://nexus-long-poller-a.intercom.io
Source: data_3.1.dr	String found in binary or memory: https://nexus-long-poller-b.intercom.io
Source: data_3.1.dr	String found in binary or memory: https://nexus-websocket-a.intercom.io
Source: data_3.1.dr	String found in binary or memory: https://nexus-websocket-b.intercom.io
Source: data_3.1.dr	String found in binary or memory: https://notify.bugsnag.com
Source: data_3.1.dr, History.0.dr	String found in binary or memory: https://nvish-my.sharepoint.com/:u:/p/preetika_sandhu/EYjLeUUJ8_lPnDPSOA8hPtYBoRDRfbQyKfagAoYl7N4vUA
Source: data_1.1.dr, 000003.log2.0.dr, INV copy #HC9034010 Doc#01921.html_Zone.Identifier.4.dr, History.0.dr	String found in binary or memory: https://nvish-my.sharepoint.com/personal/preetika_sandhu_nvish_com/Documents/INV%20copy%20%23HC90340
Source: 5e994ff3-2af2-43d2-8fa0-2129a01fee56.tmp.1.dr, 362c0ad8-0d96-4c07-90e7-09d5e3e9c8a8.tmp.1.dr	String found in binary or memory: https://ogs.google.com
Source: craw_window.js.0.dr, manifest.json1.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 5e994ff3-2af2-43d2-8fa0-2129a01fee56.tmp.1.dr, 362c0ad8-0d96-4c07-90e7-09d5e3e9c8a8.tmp.1.dr	String found in binary or memory: https://play.google.com
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://preprod-hangouts-googleapis.sandbox.google.com
Source: 5e994ff3-2af2-43d2-8fa0-2129a01fee56.tmp.1.dr	String found in binary or memory: https://r5---sn-h0jeln7l.gvt1.com
Source: 5e994ff3-2af2-43d2-8fa0-2129a01fee56.tmp.1.dr, 362c0ad8-0d96-4c07-90e7-09d5e3e9c8a8.tmp.1.dr	String found in binary or memory: https://redirector.gvt1.com
Source: craw_window.js.0.dr, manifest.json1.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: data_3.1.dr	String found in binary or memory: https://sessions.bugsnag.com
Source: data_3.1.dr	String found in binary or memory: https://spo.nel.measure.office.net/api/report?tenantId=3af9fb4a-8ae3-4db0-8cc9-a35c2c513f68&destinat
Source: 5e994ff3-2af2-43d2-8fa0-2129a01fee56.tmp.1.dr, 362c0ad8-0d96-4c07-90e7-09d5e3e9c8a8.tmp.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: messages.json41.0.dr, messages.json15.0.dr, messages.json5.0.dr, messages.json7.0.dr, feedback.html.0.dr, messages.json23.0.dr, messages.json61.0.dr, messages.json62.0.dr, messages.json75.0.dr, messages.json59.0.dr, messages.json27.0.dr, messages.json79.0.dr, messages.json44.0.dr, messages.json46.0.dr, messages.json39.0.dr, messages.json0.0.dr, messages.json88.0.dr, messages.json14.0.dr, messages.json76.0.dr, messages.json.0.dr, messages.json80.0.dr, messages.json43.0.dr, messages.json28.0.dr, messages.json10.0.dr, messages.json9.0.dr, messages.json8.0.dr, messages.json78.0.dr, messages.json2.0.dr, messages.json60.0.dr, messages.json77.0.dr, messages.json11.0.dr, messages.json64.0.dr, messages.json26.0.dr, messages.json6.0.dr, messages.json1.0.dr, messages.json22.0.dr, messages.json58.0.dr, messages.json12.0.dr, messages.json4.0.dr, messages.json40.0.dr, messages.json45.0.dr, messages.json24.0.dr, messages.json65.0.dr, messages.json20.0.dr, messages.json3.0.dr, messages.json13.0.dr, messages.json63.0.dr, messages.json47.0.dr, messages.json42.0.dr, messages.json21.0.dr	String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json41.0.dr, messages.json15.0.dr, messages.json5.0.dr, messages.json7.0.dr, feedback.html.0.dr, messages.json23.0.dr, messages.json61.0.dr, messages.json62.0.dr, messages.json75.0.dr, messages.json59.0.dr, messages.json27.0.dr, messages.json79.0.dr, messages.json44.0.dr, messages.json46.0.dr, messages.json39.0.dr, messages.json0.0.dr, messages.json88.0.dr, messages.json14.0.dr, messages.json76.0.dr, messages.json.0.dr, messages.json80.0.dr, messages.json43.0.dr, messages.json28.0.dr, messages.json10.0.dr, messages.json9.0.dr, messages.json8.0.dr, messages.json78.0.dr, messages.json2.0.dr, messages.json60.0.dr, messages.json77.0.dr, messages.json11.0.dr, messages.json64.0.dr, messages.json26.0.dr, messages.json6.0.dr, messages.json1.0.dr, messages.json22.0.dr, messages.json58.0.dr, messages.json12.0.dr, messages.json4.0.dr, messages.json40.0.dr, messages.json45.0.dr, messages.json24.0.dr, messages.json65.0.dr, messages.json20.0.dr, messages.json3.0.dr, messages.json13.0.dr, messages.json63.0.dr, messages.json47.0.dr, messages.json42.0.dr, messages.json21.0.dr	String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: data_3.1.dr	String found in binary or memory: https://uploads.intercomusercontent.com
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: data_3.1.dr	String found in binary or memory: https://www.google-analytics.com
Source: 5e994ff3-2af2-43d2-8fa0-2129a01fee56.tmp.1.dr, manifest.json0.0.dr, 362c0ad8-0d96-4c07-90e7-09d5e3e9c8a8.tmp.1.dr	String found in binary or memory: https://www.google.com
Source: manifest.json1.0.dr	String found in binary or memory: https://www.google.com/
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.0.dr	String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: mirroring_hangouts.js.0.dr	String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: feedback_script.js.0.dr	String found in binary or memory: https://www.google.com/tools/feedback
Source: manifest.json0.0.dr	String found in binary or memory: https://www.google.com;
Source: 5e994ff3-2af2-43d2-8fa0-2129a01fee56.tmp.1.dr, craw_window.js.0.dr, craw_background.js.0.dr, 362c0ad8-0d96-4c07-90e7-09d5e3e9c8a8.tmp.1.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json1.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.0.dr	String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: mirroring_common.js.0.dr	String found in binary or memory: https://www.googleapis.com/calendar/v3
Source: mirroring_common.js.0.dr	String found in binary or memory: https://www.googleapis.com/hangouts/v1
Source: 5e994ff3-2af2-43d2-8fa0-2129a01fee56.tmp.1.dr, 362c0ad8-0d96-4c07-90e7-09d5e3e9c8a8.tmp.1.dr	String found in binary or memory: https://www.gstatic.com
Source: common.js.0.dr	String found in binary or memory: https://www.gstatic.com/hangouts_echo_detector/release/%
Source: manifest.json0.0.dr	String found in binary or memory: https://www.gstatic.com;

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8

Source: unknown	HTTPS traffic detected: 104.19.142.111:443 -> 192.168.2.4:49798 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.19.142.111:443 -> 192.168.2.4:49799 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\6228fa69-d4d5-438c-8339-b0560fb87ff1.tmp

Jump to behavior

Source: classification engine

Classification label: mal60.phis.win@38/268@12/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://docsend.com/view/wehe9k44ttwcf37k
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,9995313933496677879,8086191513530868845,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1560,9995313933496677879,8086191513530868845,131072 --lang=en-GB --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=4740 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,9995313933496677879,8086191513530868845,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1560,9995313933496677879,8086191513530868845,131072 --lang=en-GB --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=4740 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1560,9995313933496677879,8086191513530868845,131072 --lang=en-GB --service-sandbox-type=none --enable-audio-service-sandbox --mojo-platform-channel-handle=4740 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Family,VirtualizationFirmwareEnabled FROM Win32_Processor

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61E16AF6-169C.pma

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\5788_34262223\LICENSE.txt

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.10.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
142.250.181.238	clients.l.google.com	United States	15169	GOOGLEUS	false
3.220.57.224	docsend.com	United States	14618	AMAZON-AESUS	false
142.250.184.205	accounts.google.com	United States	15169	GOOGLEUS	false
142.250.186.163	gstaticadssl.l.google.com	United States	15169	GOOGLEUS	false
104.19.142.111	i.gyazo.com	United States	13335	CLOUDFLARENETUS	false
142.250.181.225	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.16.19.94	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.1
192.168.2.5
127.0.0.1

Contacted Domains

Name	IP	Active
gstaticadssl.l.google.com	142.250.186.163	true
accounts.google.com	142.250.184.205	true
cdnjs.cloudflare.com	104.16.19.94	true
i.gyazo.com	104.19.142.111	true
maxcdn.bootstrapcdn.com	104.18.10.207	true
clients.l.google.com	142.250.181.238	true
docsend.com	3.220.57.224	true
googlehosted.l.googleusercontent.com	142.250.181.225	true
nvish-my.sharepoint.com	unknown	unknown
clients2.googleusercontent.com	unknown	unknown
clients2.google.com	unknown	unknown
ka-f.fontawesome.com	unknown	unknown
code.jquery.com	unknown	unknown
kit.fontawesome.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://i.gyazo.com/6eae75d87eebc05d2e882397e5ef8480.png	false	high
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/js/bootstrap.min.js	false	high
https://i.gyazo.com/ac7524407d19ac9e670a3e3b7bd7ebc3.jpg	false	high
https://i.gyazo.com/fd7eaf0bd6c8d714e717bc1285c33e61.png	false	high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false	high
https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx	false	high
https://i.gyazo.com/bbbae26246e9c09acb8668c7485acbf2.png	false	high
https://i.gyazo.com/6a6271e3e40ab27f2c950c82f50136df.png	false	high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false	high
https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0/css/bootstrap.min.css	false	high
https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.12.9/umd/popper.min.js	false	high
file:///C:/Users/user/Downloads/INV%20copy%20%23HC9034010%20Doc%2301921.html	true	low
https://docsend.com/view/wehe9k44ttwcf37k	false	high

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Google\Chrome\User Data\0407f24f-ab33-4d1e-b844-884d5f6fbd91.tmp	ASCII text, with very long lines, with no line terminators	B88707F12F1AC5FCA1E69F5D5E961930	DAF03B04F5ED46CC9D06306AC0709D14381A4D0C	B3D35566E1604AEB07A14AE1746A2CF6C5BBEB1EA3D552985692CE37E1E98A0A
C:\Users\user\AppData\Local\Google\Chrome\User Data\0696cacd-5753-4446-9a70-56a04bc49666.tmp	data	B5E7B65F3B6F3F085BE6E40F2F678296	6E2FC5B00FE492B3ECEEF7976865D3122092DA32	21099FCC4687CCE7EE668562358C28C5E3781BBC43BBDBC36F45E9BC045E3845
C:\Users\user\AppData\Local\Google\Chrome\User Data\1f7e8036-bc9f-4167-adb6-79b799900167.tmp	data	AEE0ECEB3DC44F2132F9D26AA2C645FE	329EA37F2549323D000C1C4567C106C26BE7F51B	268DF1FFBC699C5D728A4CDD7CCDC4AD5E85A96CD803B739CCF0E78E325A1469
C:\Users\user\AppData\Local\Google\Chrome\User Data\28417856-fdd9-44a0-9a15-16a4aa742c69.tmp	ASCII text, with very long lines, with no line terminators	CB2E8E25E01A498FCDE381FBD890656A	4EDEF81510A3CD9591BFD2F11ECB72D58DA4A81A	960B1396B7E2D5AC539CF26C2EF936E21F21153CAD70EF31AB7D0D904CF04BA6
C:\Users\user\AppData\Local\Google\Chrome\User Data\302e3f27-2b13-4c48-a55f-ef6d59e528d9.tmp	ASCII text, with very long lines, with no line terminators	0B7722A0047FAF939DD0E8E506AD9D25	17BA18694A0F1EEC18A0ECFF8669E7E93C1219F9	FD4D909827CF1F2101A5E0C34DD8777C9844EA8F9F99A8D8D486933E0C53E749
C:\Users\user\AppData\Local\Google\Chrome\User Data\54927920-dfc4-446e-9fd7-35eff0a0a837.tmp	ASCII text, with very long lines, with no line terminators	61740B9D237668C127987710868270C5	54877276B73C6F2B47E00D5A600DFE9A862AE6EB	C80AE5A973BD8F352F458F4209CF6786BD2D58444B23690C7A66E619ABB2E71D
C:\Users\user\AppData\Local\Google\Chrome\User Data\8cf11829-795f-4fa9-9000-44e75fe7b08e.tmp	ASCII text, with very long lines, with no line terminators	0B7722A0047FAF939DD0E8E506AD9D25	17BA18694A0F1EEC18A0ECFF8669E7E93C1219F9	FD4D909827CF1F2101A5E0C34DD8777C9844EA8F9F99A8D8D486933E0C53E749
C:\Users\user\AppData\Local\Google\Chrome\User Data\8db42b32-ecf6-4f3f-a580-b0d6ffb7673b.tmp	ASCII text, with very long lines, with no line terminators	D1B1626EDA7343436D588C165EA1E289	F8D32548E1D491DF70352A359717F33A1EA5DD86	BE67B888F6F4EC5186B7D5AF2B161DBAF7E90C66FFA18B902EB7A33A0CC1EBF7
C:\Users\user\AppData\Local\Google\Chrome\User Data\95bf14a4-5e4a-4744-94d8-5d407f7fa8c1.tmp	ASCII text, with very long lines, with no line terminators	E245E86FF990A71270E1327B76C6A1D6	F19E1BB0CDCABB62CB3DF8F0B8F671D56D33DA71	B470E6BD3F532CEBE0040C71D2B80BB9B1952D943AA370D58AF3B33F9EDFFE2E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	data	7AE9008C2AA5ED3E5ED52743E082F5BF	CD90099842F51474494BFC490433578A89C1B539	94E7D9BF431A0E3F0FD02F0FBA7321F43DD8B523E3D32092AFC474D3FD5ABF62
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\000001.dbtmp	ASCII text	46295CAC801E5D4857D09837238A6394	44E0FA1B517DBF802B18FAF0785EEEA6AC51594B	0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\000002.dbtmp	ASCII text	206702161F94C5CD39FADD03F4014D98	BD8BFC144FB5326D21BD1531523D9FB50E1B600A	1005A525006F148C86EFCBFB36C6EAC091B311532448010F70F7DE9A68007167
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\000003.log	data	49C0BA141AAD45BD56F0CBD0C8A60655	D6324163227806DE86A252FE11574597986A5CD2	FB91809D0FEB1F9FDD11766A02C9A30452EDB2B86D042D2CDED29BFD07C42295
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\171ca26e-2c51-4797-837c-cb1b26d48870.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	7BDEEFEF9405FC6044B3A6D84C588E56	1974E1958BD20FE55FE7028C08CD7D8F26638539	2DCF37D51B0578FBEC2DFB0DAEBF756340E04246D00427F2A2055E703CCB0B5F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\23a5e823-4530-42eb-9d9a-92470e50f862.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	C2688F3BF9E8F543653ABA2FBFEBAF88	AD7312E14076040B14E572CD96B58A9E010EA655	27A3A4B3F00E8795176718A4370E7083A7C13DFAAC6473C2AA4C98D6532CB1D4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\251d4614-8feb-4fbc-8dd9-cc65f029fdb5.tmp	ASCII text, with very long lines, with no line terminators	77B441C651A6F896D03E7EA6375D0BBF	E0ECEA580F9472D6FDEEA21D428734CD15DB3E72	E2425EFA3D641EF105476DE963662F0A9B933E01A70F96AC93B3EECED7863D2B
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\362c0ad8-0d96-4c07-90e7-09d5e3e9c8a8.tmp	ASCII text, with very long lines, with no line terminators	74EFD4E89AB8B48A0AECB6D074C00B67	1CECB1651EBC6DB2E6CEC7FAFEED2C90A1048181	CCE217531BAB1FDBF60A61F462799FADD0188421FD23FE417742CD29B8750EA9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\3bb09e3f-1013-4045-96e6-67fa84d2dd9b.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	E72F9D1945E1FFDF4286F6A3ACD3507D	0443E9B8EF1A2B85CD866B14F75FE82621E69DAF	A30D8E847D9F3428AF4A18F0BE384B7B913EF9CC5675CB9545BA80A1E3DF9684
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5e994ff3-2af2-43d2-8fa0-2129a01fee56.tmp	ASCII text, with very long lines, with no line terminators	494384A177157C36E9017D1FFB39F0BF	CE5D9754A70CD84CEE77C9180DB92C69715BE105	07CF0A5189FAD30A4AA721F4F6DA1B15100991115833EACFA1E2DC84A1B54337
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\828f0818-d698-4fc3-87ce-d564ff577c19.tmp	ASCII text, with very long lines, with no line terminators	46C8C98CB8530CD1B084EE7A1ED9CC67	1311CFD3D6D455EBBAC340601BA9BE985A65CC02	621896623A399420F0259D5A5987190D1116E28C331C5F01EFDA4CB582A3FC40
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\93c87da2-c360-42a3-8c51-cd5592961e5a.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\99459600-22ac-46d3-af05-dc381132f708.tmp	ASCII text, with very long lines, with no line terminators	BCBA2F8E5F250E1B70BE970F65830328	BA2C0180124068FCF766456E3B6AC09E503F9766	C9BCA867C1024049157AD5E03FE0D060CB7A3F9FD9F4CBA002E6330D51913F9E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG	ASCII text	87F4C5D8AC80740D34E2090506A672E0	B5AFB8D9097B5DEA22AE1318E7E0F1E23DF19402	EEF85463D1E58BA5EF4D8D99B91A0EAB44D554EC675BC8998AD1F7293ABAAE2E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\AutofillStrikeDatabase\LOG.old (copy)	ASCII text	87F4C5D8AC80740D34E2090506A672E0	B5AFB8D9097B5DEA22AE1318E7E0F1E23DF19402	EEF85463D1E58BA5EF4D8D99B91A0EAB44D554EC675BC8998AD1F7293ABAAE2E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG	ASCII text	7851B34F514035E61BB5575E857F5FC6	9C2A290B1B63130F91CD4F46323F458FE8E37B22	9BE2C7610636D760DF81414E3449AAAECAD863FC3A74100F9FB26097003E91F8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old (copy)	ASCII text	7851B34F514035E61BB5575E857F5FC6	9C2A290B1B63130F91CD4F46323F458FE8E37B22	9BE2C7610636D760DF81414E3449AAAECAD863FC3A74100F9FB26097003E91F8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CURRENT (copy)	ASCII text	206702161F94C5CD39FADD03F4014D98	BD8BFC144FB5326D21BD1531523D9FB50E1B600A	1005A525006F148C86EFCBFB36C6EAC091B311532448010F70F7DE9A68007167
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0	data	FD76FC0B0F50D104796D75CAF988159B	CE64CFECC3AA3FF5DCE82BE30C51B24CDBC54762	028CFC3434C2C86479C18ECFE2AB2F690F4AC58AA91D6C990B207ED661F92D92
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1	data	0CA672641A95273F7C719060C7E4CFF7	1918AB022EC985A324D70568B83DC5BAE4D3DF1B	70F3C485E76A4DFBDF0E0A0EB71228ABF65C204A70C2E04976C4FAC3BCDCCD70
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2	data	B0CF49C49DA68B6D273BC28C9AFD1F6B	B6B62CA642CABC38F687C395C4F2B310289DDCF5	D6818A303E91CD7CBDF06026EFB4EBCF5CAAFF53CD07F017D9BEFD564D4C3032
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3	data	1A784C7AF07276252F072CE9B62E219B	76589E46FFF0D47F8BD1A0EEBDB6D2FDB8476067	C58D1304BEA4EAF02A967721D126E1F240B6D64656B7EE04675DC689A8311F69
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	SQLite 3.x database, last written using SQLite version 3032001	10E08EFD199D779485D5CFD1533628CD	473ED18DA384B9D999072FE375617C68479CAE2D	3CF164E1750B73FC490D90BD7C1325475AEB8DD8E6D94A9DD5CD3D7689C86F9A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Session	data	DC2A797DE947FA52BC345732C8B96F45	B4063C2F03E362BFC5349D7A4CE210B60D92EC23	9A4361A333EAA92917D12C0E144A77E104C1E1484101FC2D221E60A9451CB502
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Current Tabs	data	0686D6159557E1162D04C44240103333	053E9DB58E20A67D1E158E407094359BF61D0639	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\000003.log	data	4B02663C177BA8EA36FB2E49617CCC05	6E77145135116873842B1BEE6622B116CDA3CBB1	0FD0B4ED1B18A8A1C73736E3C74168C6102092E5AFD431CD36F7F222E578A1C9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG	ASCII text	4FBCD4FEC2FAFD660D02FD3588E5FDCC	708822E3BF70A0D40CFBED1ADB28E40F41340CF0	E0DBF260F139B5ED0BCA8FF12BC518E618DE9F05AFFA8DC3BF0C6663A7258B2F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.old (copy)	ASCII text	4FBCD4FEC2FAFD660D02FD3588E5FDCC	708822E3BF70A0D40CFBED1ADB28E40F41340CF0	E0DBF260F139B5ED0BCA8FF12BC518E618DE9F05AFFA8DC3BF0C6663A7258B2F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\000003.log	data	531557DF3F473422DD0102A22E51FE15	E2048D9AD1D7E3AC2135A339A6FF91814A473501	FB89F5D2BDE68159700BDE0E306D9E5D5CFF0B0AF733603967D228BB9C286A93
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG	ASCII text	8E7825D875D5FB0A933535BC2AD351DE	87A32BFB88E0C4448CFB3E5BCCC7E08B2E89B5DB	54DFB9D436BB91DF6FEF002BADA1853890009C8F3C8C45458500F9FD18521B77
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG.old (copy)	ASCII text	8E7825D875D5FB0A933535BC2AD351DE	87A32BFB88E0C4448CFB3E5BCCC7E08B2E89B5DB	54DFB9D436BB91DF6FEF002BADA1853890009C8F3C8C45458500F9FD18521B77
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_metadata\computed_hashes.json	ASCII text, with very long lines, with no line terminators	90F880064A42B29CCFF51FE5425BF1A3	6A3CAE3996E9FFF653A1DDF731CED32B2BE2ACBF	965203D541E442C107DBC6D5B395168123D0397559774BEAE4E5B9ABC44EF268
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8520.615.0.5_1\_metadata\computed_hashes.json	ASCII text, with very long lines, with no line terminators	6AE2135EA4583C2F06CDEBEA4AE70FA4	DCEB26C7F02D53B5F214305F4C75B4A33A79CDC2	03AA1944CB3C4F39E20B6361571BC45DFBEBD3FFDA3D8F148CC6ECB29958F903
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Favicons	SQLite 3.x database, last written using SQLite version 3032001	A9D5443669C700CDF737E85325D35F68	4BB2EB15DD8C913D012BC932F439824422172328	B2229E3AACE89244CE6A523E9CFF4932036D409DCD0EED4B47C5ED7442F8BB05
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log	data	51A2CBB807F5085530DEC18E45CB8569	7AD88CD3DE5844C7FC269C4500228A630016AB5B	1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG	ASCII text	AA36677C4F92C14E714F22439DC6B940	14D320FE3EBE209FA1038E07DF60CCFB00BAD96A	EA0C57B75BA1114250915FE1D48406D1057FC7F400646FEE76CBA879394A65F6
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old.F (copy)	ASCII text	AA36677C4F92C14E714F22439DC6B940	14D320FE3EBE209FA1038E07DF60CCFB00BAD96A	EA0C57B75BA1114250915FE1D48406D1057FC7F400646FEE76CBA879394A65F6
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG	ASCII text	711607ACEB26B76DF3E92EA04B3B6551	733DA3D95E60476B1555680C1C51A5E47E50F740	1D515821E855B9EC8AE0B88BD1726CBB6DCB37687AC7B9A61EFAA4642F454E88
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old. (copy)	ASCII text	711607ACEB26B76DF3E92EA04B3B6551	733DA3D95E60476B1555680C1C51A5E47E50F740	1D515821E855B9EC8AE0B88BD1726CBB6DCB37687AC7B9A61EFAA4642F454E88
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG	ASCII text	B5761000A561BCCCB21D0205A74C59DE	6535F1EC9F5E87F9635A7F4EEA421A382EB3A38B	683E0ED18ED3B46FFF34E3E64F6FFBEACCFD5255CFF84DC1B88C1E6243405B41
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.old.d (copy)	ASCII text	B5761000A561BCCCB21D0205A74C59DE	6535F1EC9F5E87F9635A7F4EEA421A382EB3A38B	683E0ED18ED3B46FFF34E3E64F6FFBEACCFD5255CFF84DC1B88C1E6243405B41
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	SQLite 3.x database, last written using SQLite version 3032001	2E00586DDA88790FE120C05870AE59EA	CFBD546BD2C563A1F95FCA0FC2A4B55EFC0FD71B	ABF2FB9DA714D1777C5A2CC040089EC27ABC1F4996505C5EDAC31DC44F59C82A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History Provider Cache	data	52B019208D645F885AFAFD8771DD47AC	B9723717C71F83F8EC09FB982BB0661F68FE541C	68A90E975DF63238869437B49CC72606985538ADA3BBC46B6D63366A401ABA91
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History-journal	data	4D766EA79926342D8BE380DC63E15EC1	30D4213D8489EC2F9E510FC0F1D339FACC058E6C	80F1F609248748FA69F3F215AC65FF3C94B60E89243F73DDEC4F3A507333570A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\LOG	ASCII text	9A391B925E7FA22E5DE1CF7358E636FF	F8C662A8FA353096F44D594D7BCA4D91AAD242B9	8C16A9A3012F377353FFB13D699630422D294EEE64050492DEC26C2A3066D47D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Session`B (copy)	data	DC2A797DE947FA52BC345732C8B96F45	B4063C2F03E362BFC5349D7A4CE210B60D92EC23	9A4361A333EAA92917D12C0E144A77E104C1E1484101FC2D221E60A9451CB502
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Last Tabs\ (copy)	data	0686D6159557E1162D04C44240103333	053E9DB58E20A67D1E158E407094359BF61D0639	3303D5EED881951B0BB52CF1C6BFA758770034D0120C197F9F7A3520B92A86FB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	data	E24390490E93176CA279861216300CDF	88D9AA0773C60F634CB4965D33FB0AABC68AA872	14E54B6868460CDAE300039A76E7B8F617E6DFE3673876C2A295FD78CAF113EC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG	ASCII text	4ADD0634239ADA15DE8195E82D41810E	000B1428E75314C69C96EC4563E5965A7692BC5C	E7E2086161D8F8251DA476E9F044D30D82CF133DAED1ED19D7DAC7CD276084B2
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old. (copy)	ASCII text	4ADD0634239ADA15DE8195E82D41810E	000B1428E75314C69C96EC4563E5965A7692BC5C	E7E2086161D8F8251DA476E9F044D30D82CF133DAED1ED19D7DAC7CD276084B2
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000001	PGP\011Secret Key -	5AF87DFD673BA2115E2FCF5CFDB727AB	D5B5BBF396DC291274584EF71F444F420B6056F1	F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\MANIFEST-000002	MPEG-4 LOAS	22BF0E81636B1B45051B138F48B3D148	56755D203579AB356E5620CE7E85519AD69D614A	E292F241DAAFC3DF90F3E2D339C61C6E2787A0D0739AAC764E1EA9BB8544EE97
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State. (copy)	ASCII text, with very long lines, with no line terminators	494384A177157C36E9017D1FFB39F0BF	CE5D9754A70CD84CEE77C9180DB92C69715BE105	07CF0A5189FAD30A4AA721F4F6DA1B15100991115833EACFA1E2DC84A1B54337
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State} (copy)	ASCII text, with very long lines, with no line terminators	74EFD4E89AB8B48A0AECB6D074C00B67	1CECB1651EBC6DB2E6CEC7FAFEED2C90A1048181	CCE217531BAB1FDBF60A61F462799FADD0188421FD23FE417742CD29B8750EA9
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG	ASCII text	82FB41A33BD08DD0459B9F98C5E6273E	591A6C6E6B097B5F4F2674A76274E3E1A63A22A2	3A6ED02A0D687D1537D06E62C3A36D0623986238595F5C35B721C0531F5CB015
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG.oldMP (copy)	ASCII text	82FB41A33BD08DD0459B9F98C5E6273E	591A6C6E6B097B5F4F2674A76274E3E1A63A22A2	3A6ED02A0D687D1537D06E62C3A36D0623986238595F5C35B721C0531F5CB015
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)	ASCII text, with very long lines, with no line terminators	BCBA2F8E5F250E1B70BE970F65830328	BA2C0180124068FCF766456E3B6AC09E503F9766	C9BCA867C1024049157AD5E03FE0D060CB7A3F9FD9F4CBA002E6330D51913F9E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Reporting and NEL	SQLite 3.x database, last written using SQLite version 3032001	82DFA781693FF8F8DC500083ACE29B17	4FE3A3DF7CBFA99EE82F262B2A8D11A7CEB4E198	C257C8AED9F40356094151867F4123DB98C2A1EEC846EDF8AD0A2CD113E4A084
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	E72F9D1945E1FFDF4286F6A3ACD3507D	0443E9B8EF1A2B85CD866B14F75FE82621E69DAF	A30D8E847D9F3428AF4A18F0BE384B7B913EF9CC5675CB9545BA80A1E3DF9684
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferencest (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	7BDEEFEF9405FC6044B3A6D84C588E56	1974E1958BD20FE55FE7028C08CD7D8F26638539	2DCF37D51B0578FBEC2DFB0DAEBF756340E04246D00427F2A2055E703CCB0B5F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log	data	B453AF4D9092A27EFD15ADDBD60AA45B	2756622CDAD7E6C3CF420C8CE310D6CF74D69EF4	3B29EF19B6DE76E245373F101D096D66DBBB86090065A09EA401103EA35C0EA5
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG	ASCII text	D20BDE9759D60978D6BE9B71258B22B3	3876A40226FDA184683032AB56030526D773189F	E54E29CCEFFE7B679021B7197C995A6306B7C6A9534AF9679E7336738E0B0C14
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG.old (copy)	ASCII text	D20BDE9759D60978D6BE9B71258B22B3	3876A40226FDA184683032AB56030526D773189F	E54E29CCEFFE7B679021B7197C995A6306B7C6A9534AF9679E7336738E0B0C14
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG	ASCII text	1ABF3C3DFBF142148E2C64AC3C658BA8	952C2150393BDCA33D9AB3AC9FF81722B8627887	B2B0500E6E8FA1EF50A37752830D868E4A0352462CE23B6E39D9EBE2C8A044ED
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old. (copy)	ASCII text	1ABF3C3DFBF142148E2C64AC3C658BA8	952C2150393BDCA33D9AB3AC9FF81722B8627887	B2B0500E6E8FA1EF50A37752830D868E4A0352462CE23B6E39D9EBE2C8A044ED
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG	ASCII text	0BF176514F94AB8DA751A53866BC57D1	471212CEED338B9642C583084A2C57D3EFB13116	DDFA27FEA5C84A54221D82B4BACAF31F37772212339D1CF58924675CEBABEA80
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Local Storage\leveldb\LOG.old (copy)	ASCII text	0BF176514F94AB8DA751A53866BC57D1	471212CEED338B9642C583084A2C57D3EFB13116	DDFA27FEA5C84A54221D82B4BACAF31F37772212339D1CF58924675CEBABEA80
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent StateMP (copy)	ASCII text, with very long lines, with no line terminators	8CA9278965B437DFC789E755E4C61B82	5776B6C90CA1D2DDC765ED673B5E6DC8E167F0D6	A57D9231244C1FBDE58A1BF50CAD3A1E3EA28D042BFA272782B65139446E7C51
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG	ASCII text	47E520149C3A92942FF805F2A0304736	6D2DEE4D3D2C811E679B16C4E40E5C286312392A	480C5229E91F0E1DFECD98266D66644DE86F8BB044B86113F4F8E17D403EE7DA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Platform Notifications\LOG.old (copy)	ASCII text	47E520149C3A92942FF805F2A0304736	6D2DEE4D3D2C811E679B16C4E40E5C286312392A	480C5229E91F0E1DFECD98266D66644DE86F8BB044B86113F4F8E17D403EE7DA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\000003.log	data	69449520FD9C139C534E2970342C6BD8	230FE369A09DEF748F8CC23AD70FD19ED8D1B885	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG	ASCII text	CB328C79616C6652309E2875C72531C2	90057479A752B6D19236C651C5565AC46D86316F	3344475E771F7B5A65AAD9D0BF339A217D375A00A82C15C7D026CC0DCED4D2AC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Session Storage\LOG.old.c (copy)	ASCII text	CB328C79616C6652309E2875C72531C2	90057479A752B6D19236C651C5565AC46D86316F	3344475E771F7B5A65AAD9D0BF339A217D375A00A82C15C7D026CC0DCED4D2AC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\ba646a7b-97e8-421e-8e10-deb7581900b7.tmp	ASCII text, with very long lines, with no line terminators	8CA9278965B437DFC789E755E4C61B82	5776B6C90CA1D2DDC765ED673B5E6DC8E167F0D6	A57D9231244C1FBDE58A1BF50CAD3A1E3EA28D042BFA272782B65139446E7C51
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\79e87fe8-a749-4581-8461-740feecda53f.tmp	ASCII text, with very long lines, with no line terminators	B0429187E1BE99DE4D548DC5B2EDEA0A	B3E07BEE5D753BF1B613BD2DE665C7C21E8184F6	D8DABBF936DAB4F17437ECA255020EA847D76D6B789F9486010C95E995CFED03
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG	ASCII text	50ED604DD7340EC269E845F21185B3F6	98F6994F52F5C8B763C53C3A596B704189F0B338	C2E6F81A2612B9655984732F1278FC9D7B48761E4020AA4A2EC3B7CA4B749351
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOG.old (copy)	ASCII text	50ED604DD7340EC269E845F21185B3F6	98F6994F52F5C8B763C53C3A596B704189F0B338	C2E6F81A2612B9655984732F1278FC9D7B48761E4020AA4A2EC3B7CA4B749351
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network Persistent State.. (copy)	ASCII text, with very long lines, with no line terminators	B0429187E1BE99DE4D548DC5B2EDEA0A	B3E07BEE5D753BF1B613BD2DE665C7C21E8184F6	D8DABBF936DAB4F17437ECA255020EA847D76D6B789F9486010C95E995CFED03
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG	ASCII text	BB06EFE78674895BB357B3C4971A7449	31FE6891F50E53935A42CE45614FFC9FA49CFE9C	7D52497F545E4DE09AB60C8802B02CB935E1EB1F31C961C8EA4A71F6BA0E772E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Platform Notifications\LOG.old (copy)	ASCII text	BB06EFE78674895BB357B3C4971A7449	31FE6891F50E53935A42CE45614FFC9FA49CFE9C	7D52497F545E4DE09AB60C8802B02CB935E1EB1F31C961C8EA4A71F6BA0E772E
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.log	data	69449520FD9C139C534E2970342C6BD8	230FE369A09DEF748F8CC23AD70FD19ED8D1B885	3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG	ASCII text	19FD8F2419EE18B8E9159FDDDCD4E315	F83A4E447643E8FEE8C4A6FCE51F79D414BFF505	772D52137EDC49F0F54F09786A697E867FBEC8D811729AA9F3BF21081FF976FA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOG.old (copy)	ASCII text	19FD8F2419EE18B8E9159FDDDCD4E315	F83A4E447643E8FEE8C4A6FCE51F79D414BFF505	772D52137EDC49F0F54F09786A697E867FBEC8D811729AA9F3BF21081FF976FA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000003.log	data	1F7F208858A1F652FA7AE45C3C7510C9	E3B7E0FB73EE579B9E8B6E29F9D9CCD783050A5D	81B396566964F665632A83714FF09AFE24C96E8E5401A588B943D721669DE6F4
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG	ASCII text	B9D76EF1670F16A848DCB73845FFDC7C	62A5394E0BC3017B4F085EDCE582B51AF46610B9	B9819BC09AA30210E73797F2AACFE5E2CB56413FA0064293293007BC0070D85C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old.. (copy)	ASCII text	B9D76EF1670F16A848DCB73845FFDC7C	62A5394E0BC3017B4F085EDCE582B51AF46610B9	B9819BC09AA30210E73797F2AACFE5E2CB56413FA0064293293007BC0070D85C
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG	ASCII text	053AB23FFA0668C95554F6B1BD90E774	874B8373FE4038D9D62B54D1A90335E61F59E852	EA5B4E0E501BBAF924102A26F8D83D54B1E260BD73A77CBAA36F61C5C804D39D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\pkedcjkdefgpdelpbcmbmeomcjbeemfm\LOG.olds (copy)	ASCII text	053AB23FFA0668C95554F6B1BD90E774	874B8373FE4038D9D62B54D1A90335E61F59E852	EA5B4E0E501BBAF924102A26F8D83D54B1E260BD73A77CBAA36F61C5C804D39D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Visited Links	data	A2C38BF73831713C4C2142506050AED0	08B6B25C223B2CBE937244B9E80A49A18F437490	CA6E246F512349EDE4FE684380736E4B21BBFD23112A4CC337E96E79E9A79706
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d0d6fdf7-7ddb-4d69-a4bc-6e958473a158.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	6B1A55F286C6DC4395E9A2A1E25CC1E9	7ED7F6E80A0B16F4DBC84B6290294BEC04E518D3	395824C33939CAED3DE62096173A96857EF6254A927221BB4F976683789D87D8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\d663e5e0-d807-4cf3-bf90-b7223d97441e.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	DC7F4C6C05C0951BDDE9565F0CAF8B47	69895E0ACCE31A1EF9637D645698B688773615CC	2BF8E70AA90A0D8ACF2473FEEA18B48314487570FAE6E44B56C14E4933E534AD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp	ASCII text	6752A1D65B201C13B62EA44016EB221F	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)	ASCII text	6752A1D65B201C13B62EA44016EB221F	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG	ASCII text	03F458CFE7D899B1ED4846B297E0177C	95B384B7CFC58D470F1127C04AA31048E09C8FDC	AF6786C4D6462ACA13985B5409462F506F693C9F8DE0C0164AF94CA5E0FA9C63
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old72 (copy)	ASCII text	03F458CFE7D899B1ED4846B297E0177C	95B384B7CFC58D470F1127C04AA31048E09C8FDC	AF6786C4D6462ACA13985B5409462F506F693C9F8DE0C0164AF94CA5E0FA9C63
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004	MPEG-4 LOAS	031D6D1E28FE41A9BDCBD8A21DA92DF1	38CEE81CB035A60A23D6E045E5D72116F2A58683	B51BC53F3C43A5B800A723623C4E56A836367D6E2787C57D71184DF5D24151DA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\e20f7978-612c-4546-8c1d-ceac76d7c790.tmp	ASCII text, with very long lines, with no line terminators	27AA0E3AF569B62C0807B40690AFF241	1B72387B9BF7ED9B50AB44F59D6CADE27AE8C4D6	CCE8426E5C529C10347474B5355006E5F1AA15B9BC0B19B7AF129BCFD60FC041
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG	ASCII text	4609D84B940F61EC5395A8E36ED9D26C	BFA71AC8FFB2660C4C685A1795994F557327B70A	C0C7A9AF65F20993D7739A7E8B45F23B6790EAA5F6BDF34CED3CFE4E5F24022A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.old (copy)	ASCII text	4609D84B940F61EC5395A8E36ED9D26C	BFA71AC8FFB2660C4C685A1795994F557327B70A	C0C7A9AF65F20993D7739A7E8B45F23B6790EAA5F6BDF34CED3CFE4E5F24022A
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser	data	DE9EF0C5BCC012A3A1131988DEE272D8	FA9CCBDC969AC9E1474FCE773234B28D50951CD8	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version	ASCII text, with no line terminators	C422F72BA41F662A919ED0B70E5C3289	AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632	02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)	ASCII text, with very long lines, with no line terminators	45D16759A84D9B14332593250B3A8578	2A0F741D9B58061469D28D674695CB495A337BDA	B9492D5835DC99CC15D1ED3BC429BC79638231C5678B548DE346DED0CA3CC0CA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local StateMP (copy)	ASCII text, with very long lines, with no line terminators	0B7722A0047FAF939DD0E8E506AD9D25	17BA18694A0F1EEC18A0ECFF8669E7E93C1219F9	FD4D909827CF1F2101A5E0C34DD8777C9844EA8F9F99A8D8D486933E0C53E749
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local Stateen (copy)	ASCII text, with very long lines, with no line terminators	EE7D7B48FBF013A4106F806F30776823	66F822481D05C4CE85F22CFEF3638954A2398D62	6045645EE668CD77EDC47EC61BA01489C3B23365E92A24AAD2363590A9FB3E2D
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local Statel\ (copy)	ASCII text, with very long lines, with no line terminators	CB2E8E25E01A498FCDE381FBD890656A	4EDEF81510A3CD9591BFD2F11ECB72D58DA4A81A	960B1396B7E2D5AC539CF26C2EF936E21F21153CAD70EF31AB7D0D904CF04BA6
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)	data	EEF685D9D3AC786080F655CB3BF8E8C4	F77B32B335442CBFAFD92426185B5FB415E5BFE8	30C8918532DE3A9C805929B86E57DC941FECBDD5D8AF9C16995E7FE9803CDBCA
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cacheg (copy)	data	AEE0ECEB3DC44F2132F9D26AA2C645FE	329EA37F2549323D000C1C4567C106C26BE7F51B	268DF1FFBC699C5D728A4CDD7CCDC4AD5E85A96CD803B739CCF0E78E325A1469
C:\Users\user\AppData\Local\Google\Chrome\User Data\Subresource Filter\Indexed Rules\27\scoped_dir5788_243439200\Ruleset Data	data	580DB025FA9444FBD3D00A0B7F4AEEE6	26BA225F9E58BA440E455B151AFA62E6DA71D052	4DF7686CE689C87AE5AC45DE42E602ADB0AC316EE7C9F55717DEAD2509058ECC
C:\Users\user\AppData\Local\Google\Chrome\User Data\dca8b792-992b-46f4-a746-1913a83300e9.tmp	ASCII text, with very long lines, with no line terminators	45D16759A84D9B14332593250B3A8578	2A0F741D9B58061469D28D674695CB495A337BDA	B9492D5835DC99CC15D1ED3BC429BC79638231C5678B548DE346DED0CA3CC0CA
C:\Users\user\AppData\Local\Google\Chrome\User Data\e27736e0-19b1-42c4-84aa-ecd46cb62f45.tmp	ASCII text, with very long lines, with no line terminators	EE7D7B48FBF013A4106F806F30776823	66F822481D05C4CE85F22CFEF3638954A2398D62	6045645EE668CD77EDC47EC61BA01489C3B23365E92A24AAD2363590A9FB3E2D
C:\Users\user\AppData\Local\Google\Chrome\User Data\faca25c2-b85c-45e2-918c-46d9d06067dd.tmp	data	EEF685D9D3AC786080F655CB3BF8E8C4	F77B32B335442CBFAFD92426185B5FB415E5BFE8	30C8918532DE3A9C805929B86E57DC941FECBDD5D8AF9C16995E7FE9803CDBCA
C:\Users\user\AppData\Local\Temp\4a5dcea9-43ac-44c4-9d94-a8e25242e7d3.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\5788_164178764\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	6D1D175F88B64546105E3E7C31D1129A	75A1B56F55BB62B05365A0FDBFC7941DE77CBFAF	A0BC246E8E160A9BB32FA60F4E7A04D148A17125F426509466031E07731FDF81
C:\Users\user\AppData\Local\Temp\5788_164178764\manifest.fingerprint	ASCII text, with no line terminators	C6ABF42CB5AF869629971C2E42A87FD5	6EB0FAE28D9466E76FA12E31FE6CDADD3ACCE4D1	D281AFDA759075F4CB7D7CEEC4A3CB2AF135213B4D691F27090E13F238486AD1
C:\Users\user\AppData\Local\Temp\5788_164178764\manifest.json	ASCII text	4AAA0ED8099ECC1DA778A9BC39393808	0E4A733A5AF337F101CFA6BEA5EBC153380F7B05	20B91160E2611D3159AD82857323FEBC906457756678AB73F305C3A1E399D18D
C:\Users\user\AppData\Local\Temp\5788_164178764\ssl_error_assistant.pb	data	E2F792C9E2DD86F39E8286B2EAD2FC70	8A32867614D2A23E473ED642056DED8E566687F9	AC354A4723AAA4F06BEC385DDDE4A4D0983AD51456F52B31A8068EC97D5B5EA7
C:\Users\user\AppData\Local\Temp\5788_1915091324\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	7CA907E59E6E623E4B85ED86A23E62D7	10C19F1E99C24DF5E604FDB72417D8980CB40AF1	EA75301687D1B18893F95D8EE4481CB61A291241B2D0D27AD4EE08C25520687E
C:\Users\user\AppData\Local\Temp\5788_1915091324\download_file_types.pb	data	D374E68291EC84F056C490A20EE7D2DF	41DC8FC942388DAE331840A22B211A3A9C864C17	E061783508D730C3D2A1760E4C7043A92588A47E998C844B1F57DE65E2A5CD42
C:\Users\user\AppData\Local\Temp\5788_1915091324\manifest.fingerprint	ASCII text, with no line terminators	F9FE68E8D39CAB0E631640A5D5131252	D7F0B4B199BBD20DACE04020BA0AAFA4FDAEFF93	FA3F1671316D008759E4299D7BBAB8294EF23A1680317B2F731884FA8603E58B
C:\Users\user\AppData\Local\Temp\5788_1915091324\manifest.json	ASCII text	9D0A411FFBA90AB549575AA17EDEDEC4	252D2AF3537C19401D20BA5C7F920E2B0050A1F1	2DE7CC470EC0CF9DC50F9C66D417CF1A1F033BC9907FA01C2B010BF9476EDD1B
C:\Users\user\AppData\Local\Temp\5788_34262223\Filtering Rules	data	492D833A4DACDC2843C7E1835DE22679	50461C265B3FF063690DFD7B5FDF742BA06DE36D	081284C6EB49939EA138A836CD347C212E130266A4E0FAF3A5DF7C01F9F27E21
C:\Users\user\AppData\Local\Temp\5788_34262223\LICENSE.txt	ASCII text, with CRLF line terminators	D33AAA5246E1CE0A94FA15BA0C407AE2	11D197ACB61361657D638154A9416DC3249EC9FB	1D4FF95CE9C6E21FE4A4FF3B41E7A0DF88638DD449D909A7B46974D3DFAB7311
C:\Users\user\AppData\Local\Temp\5788_34262223\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	531658FD4A53DCAA6706C4E299F7F321	30E6E2BBF0C17CDED7D479A14E96468B94B647C3	99CFEEE3A649590AB00880AFF978CB3E9BE65302AE2CD60B134387D606F1C79A
C:\Users\user\AppData\Local\Temp\5788_34262223\manifest.fingerprint	ASCII text, with no line terminators	665E5819FD3845C8CF669B0FC7C35244	C807724385F53E2B2410E269CAEEA719ABB03F76	317A5B0177F17156279688F1FEF1D2568AAEB975239BB48702C76E2C4EFCC050
C:\Users\user\AppData\Local\Temp\5788_34262223\manifest.json	ASCII text	B0E35F2BE526F795B810BE0E88B72358	0C7CB5B9E7AF8DE8ABB306CFB722994820656A1A	5D812EADC836E42C32649263525F7CFA2FE113E9C2D04E436EEE1BFF97E71359
C:\Users\user\AppData\Local\Temp\5788_389217827\LICENSE	ASCII text	EE002CB9E51BB8DFA89640A406A1090A	49EE3AD535947D8821FFDEB67FFC9BC37D1EBBB2	3DBD2C90050B652D63656481C3E5871C52261575292DB77D4EA63419F187A55B
C:\Users\user\AppData\Local\Temp\5788_389217827\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	65F6FFA85489E3670D604A1F0BDEB403	F535C8FAA98E58EC51E2474837C887B9FF9ACE8F	8F5D55ACFAF014946E7195F02E2F2C28701CAB54DDEDFD47DE72150011C19FA3
C:\Users\user\AppData\Local\Temp\5788_389217827\crl-set	data	B9DDF8893A9D3B9CF6227D9165ECE3F8	A3B05C0704E7438CE85C61ABEA0C4EF27E620EB9	1CFF9A4D215B6950DBB74BC3CA80A6B0730DFDC70DEB3CD1491C0E6E1040333B
C:\Users\user\AppData\Local\Temp\5788_389217827\manifest.fingerprint	ASCII text, with no line terminators	4F72AFA20352381874AAEB073CD385B5	5B8C334CB1067D0D6A1ECC49FBED847D8528E585	97FC74D2DD6ECDA8B4C576D39B81B9086BDF2B57D715B598210555F5427459C6
C:\Users\user\AppData\Local\Temp\5788_389217827\manifest.json	ASCII text	579B24312B4F2B999D19B84E63177B64	B04D3CEFD3B2577E0315C9B00B264942D41EFD16	9A270054D5A2983E127CD808156032EF645352BEF1D4C35D66D31B3C7C47AE4B
C:\Users\user\AppData\Local\Temp\6228fa69-d4d5-438c-8339-b0560fb87ff1.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\AppData\Local\Temp\a476f82c-072a-4c8c-b38c-18e7cc6d4e0e.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\browser-sslkeys.log	ASCII text	7CB2519FB04ABF8B374AA8257C078833	F2DAC01266EEC977F547D33F41137823259DF97C	2963AC114623739DA282B9AA9DE14D123EF19D16355A4E5623CF2AACB03EE1C2
C:\Users\user\AppData\Local\Temp\df260aca-f600-476a-a58e-730d8a0e13f6.tmp	Google Chrome extension, version 3	A11D5CAF6BF849AEB84B0C95B1C3B7CF	27F410CCBD75852C01C7464A1FD7EF8C29BE3916	D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\6228fa69-d4d5-438c-8339-b0560fb87ff1.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with CRLF line terminators	6F8E288A9AD5B1ED8633B430E2B4D4CA	F671D3D4BEFA431D1946D706F4192D44E29B6F08	A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with CRLF line terminators	1FDAFC926391BD580B655FBAF46ED260	C95743C3F43B2B099FEBEBC5BD850F0C20E820AC	C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\cs\messages.json	UTF-8 Unicode text, with CRLF line terminators	76DEC64ED1556180B452A13C83171883	CFB1E56FD587BCDC459C1D9A683B71F9849058F9	32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\da\messages.json	UTF-8 Unicode text, with CRLF line terminators	238B97A36E411E42FF37CEFAF2927ED1	4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0	4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\de\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B3E916E8C1991AA0453CBA00FEDCAAA	D6366D15912E40CA107FD42BFE9579C3336A51F9	A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\el\messages.json	UTF-8 Unicode text, with CRLF line terminators	05C437A322C1148B5F78B2F341339147	AB53003A678E44A170E73711FBD9949833BBF3AA	A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\en\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\en_GB\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\es\messages.json	UTF-8 Unicode text, with CRLF line terminators	82719BD3999AD66193A9B0BB525F97CD	41194D511F1ACC16C1CA828AC81C18C8C6B47287	4DB9B2721E625C18B9E05C04B31AF5D9694712F1CAAF6219ABE34BB08E5DB1C7
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\es_419\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B2583D8D1C147E36A69A88009CBEBC7	4D4DEEB4BE6AA0181825F3371A761ABC5B4D5937	6659BC3705311D7641A73995DCFEA80C7734F2F4EBBC3787B3892A240348324F
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\et\messages.json	UTF-8 Unicode text, with CRLF line terminators	CFF6CB76EC724B17C1BC920726CB35A7	14ED068251D65A840F00C05409D705259D329FFC	C85800BF45942FCC7FD6B1DF929C25F9CC2A977A6678966BD03D4B6B69889AFD
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\fi\messages.json	UTF-8 Unicode text, with CRLF line terminators	3A01FEE829445C482D1721FF63153D16	F3EAAADDC03F943FC88B30B67F534AA13E3336DD	0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\fil\messages.json	ASCII text, with CRLF line terminators	57AF5B654270A945BDA8053A83353A06	EEEF7A4F869F97CF471A05D345E74F982D15E167	EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\fr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8D11C90F44A6585B57B933AB38D1FFF8	3F9D44EA8807069A32AACA2AAAD02FD892E6CC90	599491F8C52B945C16C441ADF45BFD45AFAE046DA07757D97C56AF4DE75ED3B5
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\hi\messages.json	UTF-8 Unicode text, with CRLF line terminators	E376D757C8FD66AC70A7D2D49760B94E	1525C5B1312D409604F097768503298EC440CC4D	8106D98C4F8DA16DB698444409558E29CC96735E188BFA303C333A5D99231C1D
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\hr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8185D0490C86363602A137F9A261CC50	5BD933B874441CEACB9201CCC941FF67BAED6DC0	A2B2EC359A9DD9DCCCE02859CE1E738BD30FAA4A05F1DC522893FFDF722BBC15
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\hu\messages.json	UTF-8 Unicode text, with CRLF line terminators	85609CF8623582A8376C206556ED2131	1E16EB70DB5E59BB684866FF3E3925C2DEF25A12	32A249749F12ADB6A220BF9ADC272C7E5D9AD5497A38B0086D961E3ABA17FBC6
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\id\messages.json	ASCII text, with CRLF line terminators	EAB2B946D1232AB98137E760954003AA	60BDC2937905B311D2C9844DF2D639D7AC9F7F67	C6E8800450602DE0F39FE9F6854472383813FB454B08ABAE7E25A9167CE004C3
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\it\messages.json	UTF-8 Unicode text, with CRLF line terminators	A328EEF5E841E0C72D3CD7366899C5C8	2851ED658385804E87911643F5A4200B1FB26E13	CD891C45F7586FB4A2514205A11F260E4A6D4482FA03D901909DD9F57BE0536D
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\ja\messages.json	UTF-8 Unicode text, with CRLF line terminators	9B3A5D473C3F2BBFAEECE94A07A940B8	61BACA342CF766BBA15C7B4D892A0E7DAC9405AA	706312A4A2AEF3317223F141EB2B82685345B7EED444F16BB4DF3A272716DA1F
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\ko\messages.json	UTF-8 Unicode text, with CRLF line terminators	9F6B4D82A70C74CA751E2EAE70FAB5CF	0534F125FFCE8222277CF2BE3401C59DAF9217F8	D1467B8D037114403E8F4EFC52E88C4A7FEB96126BE4CFF883FEFF1084EF7E68
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\lt\messages.json	UTF-8 Unicode text, with CRLF line terminators	4CA644F875606986A9898D04BDAE3EA5	722A10569E93975129D67FBDB75B537D9D622AD1	7C311AB751D840D750C11553C083785813E079C1D464FE568A98C9E3EF3DB96C
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\lv\messages.json	UTF-8 Unicode text, with CRLF line terminators	C5CE2C51391EAFD3DA9E4C71549A3C28	1F67FF6EF6E90C0CE3AAF56ED543A3EFD381574D	1FA1DF2CA8516DEF490FB8484E9AA498ACFF80EEF5C9258FFE42D3678E6C7DED
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\nb\messages.json	UTF-8 Unicode text, with CRLF line terminators	93C459A23BC6953FF744C35920CD2AF9	162F884972103A08ADB616A7EB3598431A2924C5	2CD700AEB57D89C2E73333D0702556EE3FF3863516170F85669BC680FCBDC4E0
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\nl\messages.json	ASCII text, with CRLF line terminators	7A8F9D0249C680F64DEC7650A432BD57	53477198AEE389F6580921B4876719B400A23CA1	92BE7C2DC9CFBE5A65E9CE6488D364C8D7EC19E7B67A31E4D43C1CB2B169671C
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\pl\messages.json	UTF-8 Unicode text, with CRLF line terminators	0E6194126AFCCD1E3098D276A7400175	E8127B905A640B1C46362FA6E1127BE172F4A40F	E2699F98C511B18A2AFB82EAE9A4804B646C4FF1077D80E77C17A3943A6373C2
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\pt_BR\messages.json	UTF-8 Unicode text, with CRLF line terminators	86A2B91FA18B867209024C522ED665D5	63DEC245637818C76655E01FCB6D59784BC7184E	6374880FDD1F8AF1EE8AEA6A06B73BE0AB265AFCEB4FE6F08BDE3B3989264B21
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\pt_PT\messages.json	UTF-8 Unicode text, with CRLF line terminators	750A4800EDB93FBE56495963F9FB3B94	8BFB915488A4EB3CB33D68E2E59F1F8447DB7D61	C1C94F65FABAF17DEF98A8587711A56D61B1E5607500E9B01F2824DB109F9E83
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\ro\messages.json	UTF-8 Unicode text, with CRLF line terminators	98D43E4B1054A65DF3FA3CC40AB6FB6D	46E0A21C4DA2BB5D4D8F837AE211C1B6FA26E7E2	113A13900CBA62FE8AED06751971C23A80A99B47F9BE219CF884D57DB19611D9
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\ru\messages.json	UTF-8 Unicode text, with CRLF line terminators	DB2EDF1465946C06BD95C71A1E13AE64	FB4F3ECE9ECECEBBC6CA2A592A15FB9C1FDFB811	FBAF22CE6E16DE174CED8CB5EA3098CCA1C3426A2111FF33BD3E64DA64ED67AB
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\sk\messages.json	UTF-8 Unicode text, with CRLF line terminators	8DF215D1EFBDABB175CCDD68ED8DCB0A	2B374462137A38589A73FDD00A84CBDC7E50F9F4	7FA16AF97E6CFC52EC6008EB679D3F30E7E0C24F9EF2D18A9228EAF4DED9D63B
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\sl\messages.json	UTF-8 Unicode text, with CRLF line terminators	3943FA2A647AECEDFD685408B27139EE	0129DD19D28373359530B3B477FE8A9279DABB7D	18AFF072EE0DF7C3495045435C752A805606E6D5D462EF2321C443F1773F4B3A
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\sr\messages.json	UTF-8 Unicode text, with CRLF line terminators	D485DF17F085B6A37125694F85646FD0	24D51D8642CDC6EFD5D8D7A4430232D8CDE25108	7FFDE34C58E7C376C042DE64DEF6481DAE32BE8B70F0B18EDF536290CBE0C818
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\sv\messages.json	UTF-8 Unicode text, with CRLF line terminators	D372B8204EB743E16F45C7CBD3CAAF37	C96C57219D292B01016B37DCF82E7C79AD0DD1E8	B8BA77E0089B0676545EC16D32468B727812B444F90B33A7A5B748E6C36C4388
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\th\messages.json	UTF-8 Unicode text, with CRLF line terminators	83E2D1E97791A4B2C5C69926EFB629C9	429600425CB0F196DDD717F940E94DBD8BFF2837	2FECA577F43D97BAEEA464741D585892103585208FD0A935B810A03BDCE83C88
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\tr\messages.json	UTF-8 Unicode text, with CRLF line terminators	2CEAE0567B6BB1D240BBAD690A98CA3B	5944346FBD4A0797B13223895995CAB58E9ECD23	A7CB86F30C9C31FE5540282C308BA96ADB4EC16EF98C87129EB88105E5BEF5FC
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\uk\messages.json	UTF-8 Unicode text, with CRLF line terminators	AB0B56120E6B38C42CC3612BE948EF50	8B3F520E5713D9F116D68E71DAEED1F6E8D74629	68ABA284751EB9C856032062EF9B1651E2A1E5CE5FDA0977FFC97D63BA7BED9E
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\vi\messages.json	UTF-8 Unicode text, with CRLF line terminators	7EBB677FEAD8557D3676505225A7249A	F161B4B6001AEAEAB246FF8987F4D992B48D47BE	051F96ED874C11C4A13589B5F68964E4F5B03B52DDA223D56524F2CA23760C04
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\zh_CN\messages.json	UTF-8 Unicode text, with CRLF line terminators	BB73BF561BB79F89D9BF7C67C5AE5C65	2FADD3A1959B29C44830033A35C637D0311A8C9C	D804F2A040D21D7511EFD5213D8E1721D64964A1A0DBB48E21622CEEDC9D967E
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_locales\zh_TW\messages.json	UTF-8 Unicode text, with CRLF line terminators	5FF50C673CC0C661D615F0CFD0E6DCA0	60DFF98DEAB9C4746B288BDD9C94B3BCAE5EAA85	C6F8C640F3353A7B9B1432A0C139C1AEEC40133800E6C9B467B63991AD660308
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	0834821960CB5C6E9D477AEF649CB2E4	7D25F027D7CEE9E94E9CBDEE1F9220C8D20A1588	52A24FA2FB3BCB18D9D8571AE385C4A830FF98CE4C18384D40A84EA7F6BA7F69
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\craw_background.js	ASCII text, with very long lines	6EEBED29E6A6301E92A9B8B347807F5F	65DFB69B650560551110B33DCBA50B25E5B876DE	04CD9494B0ED83924DAD12202630B20D053D9E2819C8E826A386C814CC0A1697
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\craw_window.js	ASCII text, with very long lines	1709B6F00A136241185161AA3DF46A06	33DA7D262FFED1A5C2D85B7390E9DBC830CBE494	5721A4B3F8E09C869A629EFFD350B51C9D46F0AC136717D4DB6265C0EE6F9AC8
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\css\craw_window.css	ASCII text	67BF9AABE17541852F9DDFF8245096CD	A4AC74DD258E8E0689034FAA1B15A5C7C56DC3BB	10DFBD2D98950B79EE12F6B8E3885AABE31543048DE56AD4FC0A5E34D0D9D4EC
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\html\craw_window.html	HTML document, ASCII text	34A839BC40DEBC746BBD181D9EF9310C	8B4EAA74D31EED5B0BABA3CA5460201F6B10DA46	BB8742615E4CD996AE5D0200E443AE6A6F0B473255F03AFFDB8FB4660DE4554D
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\images\flapper.gif	GIF image data, version 89a, 30 x 30	398ABB308EEBC355DA70BCE907B22E29	CFFB77B8A1724B8F81D98C6D6AD0071D10162252	2B73533F47A99FFEA9CC405FFAFA9C4C53623F62487AEBFBA415945120B22040
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\images\icon_128.png	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	4DBC9F9E6F5A08D299BAC9E54DF07694	BB38F5DE34B1E0BE1109220BA55271087A4D9EA5	91C2718DD23B4356D71F88F6146868369033291086DF327534546DFA459BEB0E
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\images\icon_16.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	FB9C46EA81AD3E456D90D58697C12C06	5FC450F7D73CCFAC8F0D818CB3392BA4D91B69DE	016CA659BA080E194FBFC0929602B16506ED60AA6019FAA51410C4FD93B583E8
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\images\topbar_floating_button.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	8803665A6328D23CC1014A7B0E9BE295	9DA6EE729D5A6E9F30658B8EC954710F107A641F	D5F9234DC36E7FFA85F35B2359A4F82276F8395EFA76E4553507EA990B27FC6C
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\images\topbar_floating_button_close.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	0599DFD9107C7647F27E69331B0A7D75	3198C0A5F34DB67F91A0035DBC297354CBC95525	131817CD9311C03DF22D769DD2AD7FA2E6E9558863A89F7E5E1657424031A937
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\images\topbar_floating_button_hover.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	7CB6B9DC1A30F63B8BD976924B75AD96	0C40B0C496D2F2B5F2021C117EC8610AC03AB469	721B7AAA9A42A54A349881615A12E3A26983ACA48E173FD2F66E66AA0D725735
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\images\topbar_floating_button_maximize.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	232CE72808B60CBE0F4FA788A76523DF	721A9C98C835D2CD734153BBE07833C6637ECD68	AFA4EA944CBDEC8543242E627EF46D5BFD3766DCAC664E7E50CDEEF2B352740C
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\images\topbar_floating_button_pressed.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	E0862317407F2D54C85E12945799413B	FA557F8F761A04C41C9A4BA81994E43C6C275DBB	5C10CE0589EB115600F77381130B70AE0B7B3752614D86D4C89E857658AA222B
C:\Users\user\AppData\Local\Temp\scoped_dir5788_157300010\CRX_INSTALL\manifest.json	ASCII text, with CRLF line terminators	01334FB9D092AF2AA46C4185E405C627	47AD3C0E82362FFE5B881DF8D71D6F79AB7F5796	F52714812D68C577A445169D11E84DF6751C2D6886BC429643072BB5D61C6C27
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\am\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	26330929DF0ED4E86F06C00C03F07CE3	478F3B7E7A7E007BEE182B89C2EF6FFE6045E92C	621B5139ED199022BB6529AF18ED4DC312AE9F3E90ECAF3B2C9E1D12114F5B22
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\ar\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	44325A88063573A4C77F6EF943B0FC3E	78908D766F3E7A0E4545E7BD823C8ED47C7164EB	67A439A08804EF4BEF261BDBADD8F0FEFD51729167D01EDCA99DD4AF57D6108B
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	6911CE87E8C47223F33BEF9488272E40	980398F076BB7D451B18D7FDE2DE09041B1F55AD	273DEF0F67F0FA080802B85EF6F334DE50A19408F46BDF41F0F099B1F5501EEA
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\bn\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	F9DDF525C07251282A3BFFCEE9A09ABB	A343A078E804AF400A8F3E1891E3390DA754A5CD	C69C6C90F7EB8F10685CD815AF1F6F1B87CF30C4E8D95DF1D577DE1105AAD227
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	A90CF7930E7C3BEC61EE252DEFAD574A	F630CA01114A7BDD39607CB84B8280CCE218A5C6	A533740E17559E2ADF40B4555C60F21EEC84E92C09CDBC19EED033A0B4DD2474
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\cs\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	17E753EE877FDED25886D5F7925CA652	8E4EC969777CC0CEB7C12D0C1B9D87EBBB9C4678	C562FCCFCE374D446BFAC30AC9B18FF17E7A3EF101C919FF857104917F300382
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\da\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	F08A313C78454109B629B37521959B33	3D585D52EC8B4399F66D4BE88CED10F4A034FCCC	23BF7E5EDF70291CA6D8F4A64788C5B86379EECB628E3DFA7DD83344612F7564
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\de\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	980FB419ED6ED94AD75686AFFB4E4C2E	871BFBCA6BCBA9197811883A93C50C0716562D57	585C7814AFD2453232BC940252D4AE821D6E6CBCFD74A793F78E5DB8BA5342F1
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\el\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	40EB778339005A24FF9DA775D56E02B7	B00561CC7020F7FE717B5F692884253C689A7C61	F56BF7C171AA20038EE30B754478B69A98F3014C89362779B0A8788C7B9BEEE1
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\en\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8351AF4EA9BDD9C09019BC85D25B0016	F6EC1FFD291C8632758E01C9EE837B1AD18D4DCF	F41C82D8A4F0E9B645656D630C882BE94A0FB7F8CEC0FE864B57298F0312B212
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\es\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8A70C18BB1090AA4D500DE9E8E4A00EF	8AFC097FA956C1317DB0835348B2DA19F0789669	FF173D1CEF665B1234E02F11070ABD2B65230318150734579A03C7F31B4AE3F4
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\et\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	A62F12BCBA6D2C579212CA2FF90F8266	F7E964A2D9BBDA364252BCE5CFBA3FD34FDD825E	3EB3EB0B3B4A8E5A477D1B3C3A3891CCC7DC6B8879ECE243A7BD7C478068273D
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\fa\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	852BD3CFF960F1BC3A2AAB3CB3874EF9	C9F6F3C776542889FE3B67971D65ACFE048A3A0A	D87597B6C10364501B98AA42524843F109009CCEF022D8E0170440D7F144F4C6
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\fi\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	3902581B6170D0CEA9B1ECF6CC82D669	C8208AC2B1DD6D4F8BDAAE01C8BD71FFFA5A732B	D2A8180225A83A423BB6E17343DFA8F636D517154944002ED9240411B8C0C5E1
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\fil\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	59483AD798347B291363327D446FA107	C069F29BB68FA7BA2631B0BF5BBF313346AC6736	DD47530EAE96346CD4DC3267A0BB1091BB17B704803A93CDA2E3E81551B94F12
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\fr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	9B416146FE4F1403C2AACAC4DCF1A5C3	616F055C9FAD4CE972DF82EC8A9B2F4EDA3E7FAD	7C7F5758F54008190ACCDDBD1761CBD980FB5FE0847E992874498228D2571DBC
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\gu\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	68B03519786F71A426BAC24DECA2DD52	B8E6608932EC5CEC4BC3C5475BFC3E312D2E2E7D	C77A4D27E9E6CA25B9290056D93A656E3EBE975957E4C2EE9F0FB11B133D5CD4
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\hi\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	20C86E04B1833EA7F21C07361061420A	617C0D70E162CF380005E9780B61F650B7A39F9B	C2C27CA242DBDE600BA3AA7782156BC2B190A64D8A1B51EDC8007BDECA139553
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\hr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	3ED90E66789927D80B42346BB431431E	2B061E3271DF4255B1FFC47BDB207CDEC0D9724F	0B41E3C42414F72C9A12C05F8772597F9685115366A774C66018467AD4B71A74
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\hu\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8E9FF7E49473C5734A2F6F0812E12EB3	A4F10DDD1580582533D5EB59EDF6D8048F887C81	6CDD2FB39ADECE00E88B989E464B05ED1414092D0492F6D0AE58D549BFD1A46A
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\id\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	7ADF9F2048944821F93879336EB61A78	C3DA74FB544684D5B250767BB0CB66FFB7C58963	3630947E1075E3663AD3E4824D0BE42CB47C0D615D8053E83B9595047C8BA9BE
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\it\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	BB3041A2B485B900F623E57459AE698A	502F5EA89F9FB0287E864B240EA39889D72053A4	025737EF8FA06706B3F26D0F52B4844244A6D33DAE1D82FEF2931A14C003D57E
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\iw\messages.json	HTML document, ASCII text, with very long lines, with no line terminators	A991BEF47A83913A1E0EF06007D09198	80BA1E8FC3E9BE8A34F73E78CED8313E54F9CC96	0F95D8BF550F14B2B704CE42911F5BD23FA9FE28D0D301F66628848B27C760CB
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\ja\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	6F2CC1A6B258DF45F519BA24149FABDC	8A58C7880C6D22765DCBB6BCE22A192C1B109AE1	42ECFEE727CFC4F2845FEFDACE5EDC2E0A40AFAD69973A3B950CE653A7633342
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\kn\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	2E3239FC277287810BC88D93A6691B09	FC5D585DA00ADC90BF79109C7377BD55E6653569	5FC705AD19761204D8604EA069936A23731B055D51E7836CAAF16AC7719FBEEA
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\ko\messages.json	UTF-8 Unicode text, with CRLF line terminators	E303CD63AD00EB3154431DED78E871C4	3B1E5B8E2CF5EBDF5D33656EF80A46563F751783	FDE602BFDB1AFD282682DA5338C4F91D8A2F6CB5411DB8F62F4583D629CE67A6
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\lt\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	93BBBE82F024FBCB7FB18E203F253429	83F4D80F64FA2ADCE6C515C5F663BD38A76C51DB	E7A8570922CCC4F2CA3721C4E61F426158C4E7BC90274FBC8BE4040FF8B6CA9B
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\lv\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	388590CE5E144AE5467FD6585073BD11	61228673A400A98D5834389C06127589F19D3A30	05CA14196CA5D90B228C0F03684E03EBE403A3E7B513AE0A059244AE12B51164
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\ml\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	2AF93901DE80CA49DA869188BCDA9495	E60DF4F2FB12BD3F1CA869DAD9F6BDE0C17CEB11	329E80AEE1212F634E180DEF7E16D6E38D9C9FDA9AC9DB1D99B8AE1626EF304E
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\mr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	659F5B4ACA112D3ECBB6EC1613DDE824	5DEE35FCD260554999F8DDEC489FBA9F81FA8EEE	C8B765E7A07578BC078A952E151E3B866506959E15E79E9E5E1DBB98F9C4008F
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\ms\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	09D75141E0D80FBD3E9E92CE843DA986	B24EAB4B1242C31B69514D77BC1DB36A3F648F40	8F1DBDEFD910AD88BEEC7956619CDB34391D6E69254C3A7497E8F87134AE8B5C
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\nb\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	ED99169537909291BCC1ED1EA7BB63F0	5F72D51B6DBE8C622EF33D2B2AEBD7E9E20DAFB3	65B6598225ADA1E14EE9CB76CA863708E8F9EE0724B4EDC8F9508532BD631BAB
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\nl\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	E9236F0B36764D22EEC86B717602241E	DE82B804B18933907095DEF3F2EF164C1BB5F9B6	300F4F7C45EBE39EAAF40776C28D0A399A710699AAB58E9A8D43A6FD2DD00376
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\pl\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8254020C39A5F6C1716639CC530BB0D6	A97A70427581ADA902CA73C898825F7B4B4FAC8F	2F4E4FC6AEB4A8E7F0E0DCE220D66E763F4EBF1FA79985834D636C6692FEA3E8
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\pt\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	FABD5D64267F0E6D7BE6983AB8704F8C	D4DAAD0FF5C461C51E6C1FD22B86AFC5B13E123F	D82DCA262FF005668B252B478DEDAAC4A5C1E417AF9DE57C22F169A6680183AE
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\ro\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	75E16A8FB75A9A168CFF86388F190C99	C27CE4C1DB3DF2D232925C73DC9AC1FA24DAD396	9C4716FF42A730F1E7725F0D9E703F311E79FDA31F85B4BB0B8863FC3C27AB9D
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\ru\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	8EF94823972EA8D2FC9BB7EC09AB1846	4171DC9CE9D82FDA5A280517A1FE58C907D75CE3	1009DB9FFA64E411B31E0780EBA43B9C9F8B05B5AC8CCA9A38514650261ABB0A
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\sk\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	C314FAC15AFF6A2EE9C732C64AB5A66D	D51F3362B5FDD2F3756DE42D7D6227DC818C6344	8EE2A25A09D6D0F89063FAA34BA2BC4DB505DD31FE6D5064C5D6E1E153721484
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\sl\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	F60AB4E9A79FD6F32909AFAC226446B3	07C9E383D4488BEBE316CA86966FC728F55A2E32	CDE581E6E7CF0136B003B45549E3BBEE7B67B74ADD786A8D5607BFDAD1DE7B87
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\sr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	4E233461D805CA7E54B0B394FFF42CAB	77F30833FC73A4C02C652C9E5A6EAFE9C3988A30	E1E1C64213EBF2CFEB7BA83E51B697CEA449B3A8B279B1024B859228DE869879
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\sv\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	897DAE6B0CF0FDE42648F0B47CB26E06	E1F5F5F65AF34FF9484AB2B01E571EAF19BA23D0	52656C24F6F6D0F3B3FC01E9504C4D5CEB85624F1B22E974CA675DD0E94EB82D
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\sw\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	EC233129047C1202D87DC140F7BA266D	537E4C887428081365D028F32C53E3C92F29AAA6	28EDBC5C4858217811D45CAA215710E452C8926E4DE99F810001AD664D08BE0D
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\ta\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	C50C5D2EDFC79DBDCBD5A58A027A3231	14314D760A18C39F06CD072CF5843832AFB86689	EEB0E89D5AD92B80FF08F88533A111DB3416D7C3860C64227D1CC8B7C2B58298
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\te\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	F740F25488BE253FCF5355D5A7022CEE	203A8DF19BA5A602A43DE18E99A6615D950C450E	5B9C96CB5D62510836B321EB9CEEF23865BB9D4DC4DE7716E90A858E00701FDF
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\th\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	9F926FCB8BAEA23453B99EA162CCDEA1	04D1E45591C0435A39DCA00A81E83E68585E8B64	100463C587F549C964A4EB21EA38EA1B4ADEF11E927FAC8FF884623B77202C02
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\tr\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	B0420F071E7C6C2DE11715A0BF026C63	F41CC696786B18805DB8DC9E1E476146C0D6BE90	309F946F753DF6AF5C255D772EA0D429462152F78ABA4A96A2E369707A2C6B67
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\uk\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	FF06E78C06E8DFF4A422EA24F0AB3760	A434D1CE22DE0D2FD1842E94F5815F7B1972D1EE	E209FDEF12CCEC03B4E0D5B9464F90D527E62C5BC4DD565C680661D7F282AB02
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\vi\messages.json	UTF-8 Unicode text, with very long lines, with CRLF line terminators	C3A40E8433D96D7E766C011D9EC7502B	EAB7BFAE48B1D29B95A8AE040DE94D3500824EE3	BD3D0F8CF100C96415B224011F550082D4516593CBD3631347748B7D6AD5B85A
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\zh\messages.json	UTF-8 Unicode text, with CRLF line terminators	D4513639FFC58664556B4607BF8A3F19	65629BC4CBBACA498F4082DD5884C8D3D7DDDC8A	C6D49997A9B4FF7FE701EC3644B1A523679A27778FB4BD39B7DBCA9F1ACCE595
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_locales\zh_TW\messages.json	UTF-8 Unicode text, with CRLF line terminators	494CE2ACB21A426E051C146E600E7564	D045ECC2A69C963D5D34A148FE4A7939DE6A1322	A1053F9496ED7FA3C625C94347F07A5E760F514FD8EE142EC9EE64E86B9C063D
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	934A5882214683DEDF130E1C7E513AFD	4CB84A956148E8F3739681546850996741FDF421	D87B0B61750D36CEE2647B59213BAAC8B046C9A929C396CAF36F61AF95939F63
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\angular.js	ASCII text, with very long lines	FCE26058E60BD1CF870623C640481A4F	F95B53ABA83D9F2B1206D79020887D8EF019B737	A9B552276ED7342DC92C240F98C68433E7C711436E285A88E0DE9520F3640925
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\background_script.js	ASCII text, with very long lines	47D5838CF5DB13E4E7EF71EC5FC940A1	6AAE6A72DADCD30F0C8D3095E90468996B59ABB7	E0F0E47CDFE7C7D6E6BB63A789D7C20B05AB8B3F6ADFDF07D08793437F2CCD42
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\cast_sender.js	ASCII text, with very long lines	BBEA05A7844E45C1CF7B7479506DBB0F	4E421EE2CE22E9E10D7CD9BBC0F9FD38C71716FA	BB77A95786B01BD9D9A0F96B6AEA759E4B4C7CF9275E6B11C819D3BEA867CD8B
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\common.js	ASCII text, with very long lines	B6B210313827B63A322E102627320835	03D4A5DDF7E68F51B73E5C5C1D852D5F50611B8D	35AD6DB342342660ECE38A8967145228E1458ADDDE750ED4F1DDE6A17F351A15
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\feedback.css	ASCII text	D8EE20737329319BFA1ACBB0E6C219A6	D24118D81990E1316CA809669ECB603724C6E7E2	A582FC20DBCAD1918000B690EB8F237EC14E5B836FD7F799C35702D88DBE6862
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\feedback.html	HTML document, ASCII text	0EFADA4B2A95CC2D4AE00F794759D763	FEC3BB7837BE805955601F8C211DC5BE1F16535D	8CB99506A2ED9BCC6E1A66E0F218524C91304B3EBFCA113D0FECBB3D80078D0D
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\feedback_script.js	ASCII text, with very long lines	26F3B1FE17AD7EA58FEB76414A2A9F61	00460DF77358708E951BCD745B388B49D81B7D30	56686B8D4F0A467D52EA03F503B6F8387742E9F8F3A90AD75C11BC9E3FF243D7
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\manifest.json	ASCII text, with very long lines, with CRLF line terminators	F76238944C3D189174DD74989CF1C0C6	85CE141EC8867B699668A5F5A48F404C84FCEB04	2EF48A1CF322DE356E8844DD2FD3431E8E7ACD04770649B6507EACA5ABDB53A7
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\material_css_min.css	ASCII text, with very long lines	76EAA4368ED0E83F45B725727414D0E2	CB3ABE758DD77E0AC48F9C9D23DB386E9E52E42E	3F94B4F2DDAE805F4863FE751B138CB77B24893E3EDE6822E72F0EE4624CD155
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\mirroring_cast_streaming.js	ASCII text, with very long lines	3B822402369E38423E0196F38666E4FF	46003805834146270C8CDD8DD3DC586B96F07962	E8A4514D5075DBF8D262D601E0BE56D2B9372E70E5F5FB8C6132DEC4D19F9C81
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\mirroring_common.js	ASCII text, with very long lines	654360FF7FDFFE33D5A6ACFBF724A756	5A6A3F657FDC63FA603EE25F98FD6EB75BBBFCD7	27116F53D9BF90CA864D92E03CD6DBD3346952109EBF7E4CBF4DD54555D4E92F
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\mirroring_hangouts.js	ASCII text, with very long lines	6F0D3D6150756440E05FCAB694D5AEEF	E1F15F2E825E41185EAEC2A2EC58A5832E28D50D	4FB517A0225506801DD60245B833914A99C78C2E929821BDA9072134EEB3C6E0
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\CRX_INSTALL\mirroring_webrtc.js	ASCII text, with very long lines	D8C34BAD4274AD0795779A88CC53F14E	2E9F20B48CACF79627B231A42561198F369D9D34	7CF60CF47D4A4D56541E039BF74C10FBE945A6430AD7663C9F7595BFDDC801C8
C:\Users\user\AppData\Local\Temp\scoped_dir5788_669775586\df260aca-f600-476a-a58e-730d8a0e13f6.tmp	Google Chrome extension, version 3	A11D5CAF6BF849AEB84B0C95B1C3B7CF	27F410CCBD75852C01C7464A1FD7EF8C29BE3916	D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
C:\Users\user\Downloads\904cbfee-a0a0-4a80-9bc8-4872112aff91.tmp	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	6037ABE4EBCBCE3BA324787FDCD67A25	F79B8A3D3C5CB783C4CE4931363D687D35992849	C64EEAE646F5710E9F274797AF90803645A3EA396697117E04EDA2F69E7B87BA
C:\Users\user\Downloads\INV copy #HC9034010 Doc#01921.html.crdownload (copy)	HTML document, UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	6037ABE4EBCBCE3BA324787FDCD67A25	F79B8A3D3C5CB783C4CE4931363D687D35992849	C64EEAE646F5710E9F274797AF90803645A3EA396697117E04EDA2F69E7B87BA
C:\Users\user\Downloads\INV copy #HC9034010 Doc#01921.html:Zone.Identifier	ASCII text, with CRLF line terminators	2494DA1BCC13B5C1B190007B7BBAC6E5	B4C0F8C5F2C6E0B80F2E45A833F8961B92F9C876	69F99E888FDB33FAF78B9CD4664CC26F50001DBFA213459FC088C5E6B03F7A92

ID:	553197
Product:	CloudBasic
Start time:	13:21:21
Start date:	14.01.2022
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Windows Analysis Report https://docsend.com/view/wehe9k44ttwcf37k

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing:

Compliance:

Networking:

System Summary:

Persistence and Installation Behavior:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs